Details about package oidc-agent
Name: | oidc-agent |
---|---|
Uploader: | Marcus Hardt <marcus@hardt-it.de> (Debian QA page) |
Description: | oidc-agent-cli - Commandline tool for obtaining OpenID Connect Access tokens on the commandline liboidc-agent4 - oidc-agent library liboidc-agent-dev - oidc-agent library development files oidc-agent-desktop - oidc-agent desktop integration oidc-agent - Commandline tools for obtaining OpenID Connect Access tokens on the commandline |
Package uploads
Upload #18
Information
Version: | 4.0.2-1 |
---|---|
Uploaded: | 2020-12-10 11:19 |
Source package: | oidc-agent_4.0.2-1.dsc |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.2-1) UNRELEASED; urgency=medium . [ Marcus hardt ] * Trying to fix debuild messages * Update dependency versions . [ Marcus hardt ] * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Optionally prints the device code url QR-code directly to the terminal * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Added encryption to liboidc-agent (now depends on libsodium). * Changed how the symmetric key is derived in ipc communication to be able to support ipc encryption eith golang lib. . [ Marcus Hardt ] * Move to new debian packaging 3.0 (quilt) * Add upstream/metadata * Fix watch file * Separate packages between graphical and non graphical environments * Use debhelper-compat-version 13 * Add install files for dh_install * Use debian packages for cjson and list * Support the latest upstream 4.0.0 * Add -z now to LDFLAGS * Update to upstream version 4.0.2
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 13
-
–
Package is the latest upstream version
local: 4.0.2 upstream: 4.0.2 url: https://github.com/indigo-dc/oidc-agent/archive/v4.0.2.tar.gz -
–
Package is not native
format: 3.0 (quilt) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian warningsliboidc-agent-devliboidc-agent4oidc-agentoidc-agent sourceoidc-agent-clioidc-agent-desktop
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
-
W
initial-upload-closes-no-bugs
-
W
desktop-command-not-in-package
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
No comments
Upload #17
Information
Version: | 4.0.0-6 |
---|---|
Uploaded: | 2020-11-09 09:12 |
Source package: | oidc-agent_4.0.0-6.dsc |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0-6) UNRELEASED; urgency=medium . [ Marcus hardt ] * Trying to fix debuild messages * Update dependency versions . [ Marcus hardt ] * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Optionally prints the device code url QR-code directly to the terminal * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Added encryption to liboidc-agent (now depends on libsodium). * Changed how the symmetric key is derived in ipc communication to be able to support ipc encryption eith golang lib. . [ Marcus Hardt ] * Move to new debian packaging 3.0 (quilt) * Add upstream/metadata * Fix watch file * Separate packages between graphical and non graphical environments * Use debhelper-compat-version 13 * Add install files for dh_install * Use debian packages for cjson and list * Support the latest upstream 4.0.0 * Add -z now to LDFLAGS
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 13
-
–
Newer upstream version available
local: 4.0.0 upstream: 4.0.0-mac url: https://github.com/indigo-dc/oidc-agent/archive/v4.0.0-mac.tar.gz -
–
Package is not native
format: 3.0 (quilt) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian warningsoidc-agent sourceoidc-agent-desktop
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
-
W
desktop-command-not-in-package
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
No comments
Upload #16
Information
Version: | 4.0.0-7 |
---|---|
Uploaded: | 2020-11-06 16:42 |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0-7) UNRELEASED; urgency=medium . [ Marcus hardt ] * Trying to fix debuild messages * Update dependency versions . [ Marcus hardt ] * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Optionally prints the device code url QR-code directly to the terminal * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Added encryption to liboidc-agent (now depends on libsodium). * Changed how the symmetric key is derived in ipc communication to be able to support ipc encryption eith golang lib. . [ Marcus Hardt ] * Move to new debian packaging 3.0 (quilt) * Add upstream/metadata * Fix watch file * Separate packages between graphical and non graphical environments * Use debhelper-compat-version 13 * Add install files for dh_install * Use debian packages for cjson and list * Support the latest upstream 4.0.0 * Add -z now to LDFLAGS
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 13
-
–
Newer upstream version available
local: 4.0.0 upstream: 4.0.0-mac url: https://github.com/indigo-dc/oidc-agent/archive/v4.0.0-mac.tar.gz -
–
Package is not native
format: 3.0 (quilt) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian warningsliboidc-agent4
-
I
hardening-no-bindnow
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.4.0.0
oidc-agent sourceoidc-agent-desktop-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
-
I
hardening-no-bindnow
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
No comments
Upload #15
Information
Version: | 4.0.0-6 |
---|---|
Uploaded: | 2020-11-06 16:27 |
Source package: | oidc-agent_4.0.0-6.dsc |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0-6) UNRELEASED; urgency=medium . [ Marcus hardt ] * Trying to fix debuild messages * Update dependency versions . [ Marcus hardt ] * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Optionally prints the device code url QR-code directly to the terminal * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Added encryption to liboidc-agent (now depends on libsodium). * Changed how the symmetric key is derived in ipc communication to be able to support ipc encryption eith golang lib. . [ Marcus Hardt ] * Move to new debian packaging 3.0 (quilt) * Add upstream/metadata * Fix watch file * Separate packages between graphical and non graphical environments * Use debhelper-compat-version 13 * Add install files for dh_install * Use debian packages for cjson and list * Support the latest upstream 4.0.0 * Add -z now to LDFLAGS
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 13
-
–
Newer upstream version available
local: 4.0.0 upstream: 4.0.0-mac url: https://github.com/indigo-dc/oidc-agent/archive/v4.0.0-mac.tar.gz -
–
Package is not native
format: 3.0 (quilt) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian warningsliboidc-agent4
-
I
hardening-no-bindnow
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.4.0.0
oidc-agent sourceoidc-agent-desktop-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
-
I
hardening-no-bindnow
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
No comments
Upload #14
Information
Version: | 4.0.0-5 |
---|---|
Uploaded: | 2020-11-06 15:12 |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0-5) UNRELEASED; urgency=medium . [ Marcus hardt ] * Trying to fix debuild messages * Update dependency versions . [ Marcus hardt ] * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Optionally prints the device code url QR-code directly to the terminal * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Added encryption to liboidc-agent (now depends on libsodium). * Changed how the symmetric key is derived in ipc communication to be able to support ipc encryption eith golang lib. . [ Marcus Hardt ] * Move to new debian packaging 3.0 (quilt) * Add upstream/metadata * Fix watch file * Separate packages between graphical and non graphical environments * Use debhelper-compat-version 13 * Add install files for dh_install * Use debian packages for cjson and list * Support the latest upstream 4.0.0
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 13
-
–
Newer upstream version available
local: 4.0.0 upstream: 4.0.0-mac url: https://github.com/indigo-dc/oidc-agent/archive/v4.0.0-mac.tar.gz -
–
Package is not native
format: 3.0 (quilt) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian warningsliboidc-agent4
-
I
hardening-no-bindnow
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.4.0.0
oidc-agent sourceoidc-agent-desktop-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
-
I
hardening-no-bindnow
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
No comments
Upload #13
Information
Version: | 4.0.0-4 |
---|---|
Uploaded: | 2020-11-06 13:12 |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0-4) UNRELEASED; urgency=medium . [ Marcus hardt ] * Trying to fix debuild messages * Update dependency versions . [ Marcus hardt ] * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Optionally prints the device code url QR-code directly to the terminal * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Added encryption to liboidc-agent (now depends on libsodium). * Changed how the symmetric key is derived in ipc communication to be able to support ipc encryption eith golang lib. . [ Marcus Hardt ] * Move to new debian packaging 3.0 (quilt) * Add upstream/metadata * Fix watch file * Separate packages between graphical and non graphical environments * Use debhelper-compat-version 13 * Add install files for dh_install * Use debian packages for cjson and list * Support the latest upstream 4.0.0
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 13
-
–
Newer upstream version available
local: 4.0.0 upstream: 4.0.0-mac url: https://github.com/indigo-dc/oidc-agent/archive/v4.0.0-mac.tar.gz -
–
Package is not native
format: 3.0 (quilt) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian warningsliboidc-agent4
-
I
hardening-no-bindnow
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.4.0.0
oidc-agent sourceoidc-agent-desktop-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
-
I
hardening-no-bindnow
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
No comments
Upload #12
Information
Version: | 4.0.0-3 |
---|---|
Uploaded: | 2020-10-13 15:37 |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0-3) UNRELEASED; urgency=medium . [ Marcus hardt ] * Trying to fix debuild messages * Update dependency versions . [ Marcus hardt ] * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Optionally prints the device code url QR-code directly to the terminal * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Added encryption to liboidc-agent (now depends on libsodium). * Changed how the symmetric key is derived in ipc communication to be able to support ipc encryption eith golang lib. . [ Marcus Hardt ] * Move to new debian packaging 3.0 (quilt) * Add upstream/metadata * Fix watch file * Separate packages between graphical and non graphical environments * Use debhelper-compat-version 13 * Add install files for dh_install
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 13
-
–
Package is the latest upstream version
local: 4.0.0 upstream: 3.3.5 url: https://github.com/indigo-dc/oidc-agent/archive/v3.3.5.tar.gz -
–
Package is not native
format: 3.0 (quilt) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian warningsoidc-agent sourceoidc-agent-desktop
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
-
W
desktop-command-not-in-package
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
No comments
Upload #11
Information
Version: | 4.0.0-3 |
---|---|
Uploaded: | 2020-09-29 15:22 |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0-3) UNRELEASED; urgency=medium . [ Marcus hardt ] * Trying to fix debuild messages * Update dependency versions . [ Marcus hardt ] * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Optionally prints the device code url QR-code directly to the terminal * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Added encryption to liboidc-agent (now depends on libsodium). . [ Marcus Hardt ] * Move to new debian packaging 3.0 (quilt) * Add upstream/metadata * Fix watch file * Separate packages between graphical and non graphical environments * Use debhelper-compat-version 13
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 13
-
–
Package is the latest upstream version
local: 4.0.0 upstream: 3.3.5 url: https://github.com/indigo-dc/oidc-agent/archive/v3.3.5.tar.gz -
–
Package is not native
format: 3.0 (quilt) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian warningsoidc-agent sourceoidc-agent-desktop
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
-
W
desktop-command-not-in-package
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
No comments
Upload #10
Information
Version: | 4.0.0-3 |
---|---|
Uploaded: | 2020-09-29 15:07 |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0-3) UNRELEASED; urgency=medium . [ Marcus hardt ] * Non-maintainer upload * Trying to fix debuild messages * Update dependency versions . [ Marcus hardt ] * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Optionally prints the device code url QR-code directly to the terminal * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Added encryption to liboidc-agent (now depends on libsodium). . [ Marcus Hardt ] * Move to new debian packaging 3.0 (quilt) * Add upstream/metadata * Fix watch file * Separate packages between graphical and non graphical environments * Use debhelper-compat-version 13
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 13
-
–
Package is the latest upstream version
local: 4.0.0 upstream: 3.3.5 url: https://github.com/indigo-dc/oidc-agent/archive/v3.3.5.tar.gz -
–
Package is not native
format: 3.0 (quilt) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian warningsoidc-agent sourceoidc-agent-desktop
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
-
W
desktop-command-not-in-package
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
No comments
Upload #9
Information
Version: | 4.0.0-3 |
---|---|
Uploaded: | 2020-09-29 14:52 |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0-3) UNRELEASED; urgency=medium . [ Marcus hardt ] * Trying to fix debuild messages * Update dependency versions . [ Marcus hardt ] * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Optionally prints the device code url QR-code directly to the terminal * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Added encryption to liboidc-agent (now depends on libsodium). . [ Marcus Hardt ] * Move to new debian packaging 3.0 (quilt) * Add upstream/metadata * Fix watch file * Separate packages between graphical and non graphical environments * Use debhelper-compat-version 13
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 13
-
–
Package is the latest upstream version
local: 4.0.0 upstream: 3.3.5 url: https://github.com/indigo-dc/oidc-agent/archive/v3.3.5.tar.gz -
–
Package is not native
format: 3.0 (quilt) -
–
The uploader is not in the package's "Maintainer" or "Uploaders" fields
- User email
- marcus@hardt-it.de
- "Maintainer" email
- packages@lists.kit.edu
-
–
Package has lintian warningsoidc-agent source
-
W
no-nmu-in-changelog
-
W
source-nmu-has-incorrect-version-number
- 4.0.0-3
-
I
unreleased-changelog-distribution
-
X
debian-watch-does-not-check-gpg-signature
-
P
trailing-whitespace
- debian/changelog (line 30)
- debian/changelog (line 31)
- debian/control (line 98)
- debian/control (line 99)
oidc-agent-desktop-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
-
W
virtual-package-depends-without-real-package-depends
- Depends: x-terminal-emulator
-
I
spelling-error-in-description
- "This packages" "These packages"
-
W
no-nmu-in-changelog
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
No comments
Upload #8
Information
Version: | 4.0.0-2 |
---|---|
Uploaded: | 2020-09-16 09:38 |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0-2) UNRELEASED; urgency=medium . [ Marcus hardt ] * Trying to fix debuild messages * Updated dependency versions . [ Gabriel Zachmann ] * Fixes dependencies versions * adds man pages . [ Gabriel Zachmann ] * Support for Authorization Code Flow * Support for Device Flow * Support for user defined scopes * Couple of minor improvements * Couple of bugfixes . [ Gabriel Zachmann ] * Support for providing the device authorization endpoint manually . [ Gabriel Zachmann ] * Removed https://perun.elixir-czech.cz/oidc/ from issuer.config. . [ Marcus Hardt ] * Add IAM of DEEP to issuer.conf * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Adds documentation notes on expiring refresh tokens . [ Gabriel Zachmann ] * Adds possibility to build the C-API as static library * oidc-token now uses this library . [ Gabriel Zachmann ] * fixed segmentation fault for an unchecked file existence . [ Gabriel Zachmann ] * Fixes static library * Includes Refactoring * Hides client secret * Adds optional client name identifier when using dynamic registration * Optionally prints the device code url QR-code directly to the terminal * Validation for redirect url format * Fixes some typos * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library * On default only one configuration file for client and account config is generated. * json and list dependencies are now included as source files not as a static library * oidc-agent can now be started with a default lifetime for account configurations * a lifetime can be specified when using oidc-add * Better no_color support. * Memory encryption: Encrypting refresh_token and client credentials when not used. * oidc-agent can now be locked. This includes additional encryption for access tokens, refresh tokens and client credentials. * Supporting seccomp (can be turned off) to restrict system calls * Automatic call of authorization url can be turned off * Adds support for bash-completion * Changes to command line arguments: no longer using space delimited strings * Removed the feature to list the currently loaded account configurations * Token Request can now include an application hint * Token Request Response now includes expires_at * Unloading accounts does not require a password anymore * Added option to unload all loaded accounts. * Improvements to the memory management * Fixed a bug where automatic account generation failed after successful dynamic client registration. * Improved UX: checking if oidc-add can connect to agent before prompting for encryption password . [ Gabriel Zachmann ] * Fixes a bug related to merging json objects * Improves UI: oidc-gen now does not prompt for refresh token. Use the --rt option insted. * Improves UI: oidc-gen only prompts for credentials if using the password flow * Improved flow internal handling of dynamic client registration * Fixes a missing seccomp syscall . [ Gabriel Zachmann ] * Fixed a bug that disabled seccomp for oidc-add and oidc-token * Internal Improvements to bash-completion * Fixed a bug where dyn client reg would fail if the preselected scope was modified. . [ Gabriel Zachmann ] * Fixed a bug that autoremoved also accounts with infinite lifetime when an account with limited lifetime expired * Added missing seccomp syscalls * Fixed a bug that broke bash completion * Fixed possible segmentation faults * Disabled seccomp on default * Disables Tracing: Cannot attach using ptrace . [ Gabriel Zachmann ] * Now using base64 encoding instead of hex encoding for all new encryptions * Updated the config file format used for all new encryptions; this includes the version it was generated with * Added possibility to update a config file to the newest file format / encryption * Improved the en/decryption, so that all parameters needed are now saved (linked to the file format) * Fixed seg faults * Allows usage of cjson package instead of included source files * Fixed double response from oidc-agent for check request if agent locked * Changes to the libsodium depencency: required newer version, now included as static library * Now providing a shared library and not only a static library * The shared library is provided in the liboidc-agent2 package, the needed development files in the liboidc-agent-dev package * Fixed invalid read in stringToJSON * Fixed possible double frees when the already set value is passed to a setter * Fixed missing authentication for device code access token requests * Now allowing using OIDPs that support the device flow, but don't advertise it by using the oidc-gen --dae option * Improved UX: checking if oidc-gen can connect to agent before prompting the user for any information * Support for IPC encryption: oidc-add and oidc-gen now only communicate in an encrypted way with oidc-agent * Fixed a bug where the grant_type parameter was falsly included in the auth code url * Improved the account listing output . [ Gabriel Zachmann ] * Fixed a bug causing problems with the device flow * Fixed memory leaks . [ Gabriel Zachmann ] * Fixed a bug due to which errors during token revocation were ignored * Fixed a bug displaying a (wrong) error message when token revocation succeeded and the server answered with an empty response when using encrypted ipc communication * Fixed a bug where the browser would not redirect to the webserver when the chosen port was to high * Fixed a sementation fault if the config tmp file did not contain the account shortname * Fixed broken bash-completion when oidcdir did not yet exist . [ Gabriel Zachmann ] * Fixed build error if bin dir not existed * Fixed a problem with unity OP where access token did not have any scope * Fixed strange additional parameters in the auth code exchange request * Fixed superfluous error logs when checking if a string is a json object * Changed encoding for memory encryption from hex to base64 . [ Gabriel Zachmann ] * Fixed a bug due to which oidc-agent would return a wrong already loaded account config when generating a new account config * Improved error handling when no authorization flow possible * Fixed a seg fault when dynamic client registration failed * Fixed a seg fault in memory decryption if account config does not have a client secret (public client) * Added support for PKCE * Added support for public clients * Fixed a bug where it was possible to display issuer urls that only differ in the trayling slash twice when using oidc-gen * Enforce usage of openid and offline_access scope in all cases . [ Gabriel Zachmann ] * Improve error message when necessary scopes cannot be registered during dynamic client registration * If necessary scopes cannot be registered during dynamic client registration, a public client is tried * Fixed memory leaks * Allow updating of public clients by using the -m and --pub option . [ Gabriel Zachmann ] * Added public client for aai.egi.eu . [ Gabriel Zachmann ] * Added environment variable to manually specify the oidc-agent config directory location * Added option to manually specify the used redirect port during dynamic client registration . [ Gabriel Zachmann ] * Fixed file locations when using a custom oidcdir (through env var) and the path value did not have a trailing slash * Fixed a possible seg fault . [ Gabriel Zachmann ] * Fixed a bug that made it impossible to use the device flow . [ Gabriel Zachmann ] * Removed an unnecessary client_id from post data, that caused problems with iam when using the device flow. . [ Gabriel Zachmann ] * Changed the fundamental architecture by introducing a new proxy daemon * Now an account config can be updated by oidc-agent, i.e. when a provider issues a new refresh token * oidc-agent can manage the encryption password: store encrypted in memory, use keyring, use user provided command, or prompt the user * Added autoload possibility. If an application requests an access token for a not loaded config, it is automatically loaded, if the user allows it. * Added possibility that each usage of an account configuration has to be confirmed by the user. Can be turned on by using oidc-add -c or oidc-agent -c * Changed the oidc-agent console module flag from -c to -d * Changed the default port for redirect urls when using dynamic client registration from 2912 to 4242 * Added encryption for the communciation between agent and its httpserver * Added possibility to complete account generation with the url a user is redirected to * Fixed possible seg faults . [ Gabriel Zachmann ] * Added support for custom uri scheme redirect uris * Added support for doing the auth code flow without a webserver * Added public clients for HBP, Elixir * Added support for XSession integration * Various bug fixes and other improvements * Allow -u to encrypt unencrypted files, not only reencrypting already encrypted files * When using oidc-gen --delete the account config now does not have to be loaded. The refresh token can also be revoked if not loaded. * Added --reauthenticate option to oidc-gen to easily update the refresh token without changing any other metadata * En-/Decryption password prompts can be done noninteractive using the --pw-cmd option * Improved documentation * Fixed some memory leaks * Fixed a seg fault when locking an agent that has a public client loaded * Fixed other possible seg faults * Improved usability of oidc-gen and other enhancements . [ Gabriel Zachmann ] * Fixed the course of a bug that would not utilize the cached AT when an application requests an AT with an empty scope value. This fix might have also fixed other unknown bugs. * Improved the user prompt message for autoload when the application does not send an application_hint * Improved error handling when refresh token wrong * Fix a bug related to the confirm feature: after a request is declined it was impossible to get an access token for this configuration without reloading the configuration. . [ Gabriel Zachmann ] * Changed the type of the UNIX domain socket used for communciating with oidc-agent from SOCK_SEQPACKET to SOCK_STREAM * This allows forwarding of the oidc-agent through ssh * Added getAccessToken2 to liboidc-agent * Access tokens can now be requested by issuer url; the suer can set an default account config for each issuer * Added the correlating functions to liboidc-agent * oidc-token can now also be used with issuer urls . [ Gabriel Zachmann] * Added the elixir public client to the list of public clients . [ Gabriel Zachmann ] * Fixed a segfault if the pubclients.conf file does not exist * Fixed segfault if the issuer.config in the oidc-agent directory doesn't exist and an AT is requested by issuer. * Fixed behavior of oidc-gen -p when the passed file does not exist. . [ Gabriel Zachmann ] * Support on MacOS . [ Gabriel Zachmann ] * Fixed a bug that did not save the information from dynamic client registration (did not save merged data). * Updated the cJSON library . [ Gabriel Zachmann ] * Fixed a bug due to which no error message was displayed when trying to load an account configuration and the oidc-agent directory was not accessible for oidc-add. * This bug also caused the agent to crash if oidc-token was used to load this account configuration on the fly and the oidc-agent directory was not accessible for oidc-agent. . [ Gabriel Zachmann ] * Add possibility to allow applications that run under another user access to the agent by using the --with-group option . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Add possibility to avoid custom uri scheme (useful when running on a remote server) * Fixed bug with doubled communication when not all required scopes could be registered * Now displaying warning message when client regstration could not register all requested scopes. . [ Gabriel Zachmann ] * Add public clients for deep and extreme datacloud . [ Gabriel Zachmann ] * Add public clients for iam-demo.cloud.cnaf.infn.it . [ Gabriel Zachmann ] * Fixed bug that might cause problems with providers that do not support PKCE. No longer sending code_verifier on auth code exchange requests. . [ Gabriel Zachmann ] * Fixed some spelling errors. * Fix X11 settings only adjusted when the configuration file already exists. * Increased oidc-gen polling interval and duration. * oidc-gen now displays the scopes supported by the provider. * Scopes provided to oidc-gen are no longer intersected with the supported scopes. . [ Gabriel Zachmann ] * Improve RPM build . [ Gabriel Zachmann ] * Fix scope lookup not using cert path. * Exit oidc-gen when error during scope lookup. * Add option to oidc-token to specify name of calling application. * Add option to oidc-add to list currently loaded accounts. * Fix no-scheme option not working if first url is scheme url. * Add option to oidc-agent that allows log message printed to stderr. * Fix that some information is printed to stderr instead of stdout. * Fix scopes not set when using password flow. * Add support to request tokens with specific audience. * Add wlcg.cloud.cnaf.infn.it * Add public client for wlcg.cloud.cnaf.infn.it * Update cJSON library. * Add --id-token option to oidc-token to request an id-token from the agent. * Fix some minor bugs. * Add oidc-keychain to reuse oidc-agent across logins . [ Gabriel Zachmann ] * Remove dot files from oidc-add and oidc-gen -l * Add a header line for oidc-add -a . [ Gabriel Zachmann ] * Add aai-demo.egi.eu * Add public client for aai-demo.egi.eu . [ Gabriel Zachmann ] * Fix --pw-cmd not correctly working when output does not end with newline character * Fix duplicated output of oidc-agent when redirecting * Fix oidc-agent dies when client disconnects before agent can write back. . [ Gabriel Zachmann ] * Updated the issuer urls of HDF. * Fix bash completion of shortnames if $OIDC_CONFIG_DIR is used. . [ Gabriel Zachmann ] * Add possibility for force a new AT through oidc-token. * Add status command to oidc-agent to get information about the currently running agent. * Allow users to rename accounts. * Write temporary data to oidc-agent instead of tmp file. * Fix seg fault in oidc-gen issuer selection when selecting 0 * Delete oidc client when deleting agent configuration. * Improved bash completion of oidc-gen short options. * Add --pw-file option to read decryption password from file * Improve password prompt on autoload. * On default cnid (oidc-gen) is set to the hostname; so the hostname is included in the client name. * oidc-gen is now completely non-interactive * Added several new options for passing information to oidc-gen * User can now choose between cli and gui prompts. * Fix bug where oidc-gen would use a public client instead of aborting when generating a account configuration with a shortname that is already loaded. * When the 'max' keyword is used for scopes and a public client is used, this now uses the maximum scopes for that public client, not the issuer. * Fixes a possible conflict between the application type 'web' and custom scheme redirect uris. * Update cJSON library. * Added oidc-agent-server a oidc-agent version that can run as a central server. * Added encryption to liboidc-agent (now depends on libsodium). . [ Marcus Hardt ] * Move to new debian packaging 3.0 (quilt) * Add upstream/metadata * Fix watch file
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 12
-
–
Package is the latest upstream version
local: 4.0.0 upstream: 3.3.5 url: https://github.com/indigo-dc/oidc-agent/archive/v3.3.5.tar.gz -
–
Package is not native
format: 3.0 (quilt) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian warningsoidc-agent
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
oidc-agent source -
W
desktop-command-not-in-package
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
-
debian/changelog needs cleanup. Further review pending.
Needs work Micha Lenk at Sept. 25, 2020, 8:46 p.m.
Upload #7
Information
Version: | 4.0.0-2 |
---|---|
Uploaded: | 2020-09-16 08:08 |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0-2) UNRELEASED; urgency=medium . [ Marcus hardt ] * Trying to fix debuild messages * Updated dependency versions . [ Gabriel Zachmann ] * Fixes dependencies versions * adds man pages . [ Gabriel Zachmann ] * Support for Authorization Code Flow * Support for Device Flow * Support for user defined scopes * Couple of minor improvements * Couple of bugfixes . [ Gabriel Zachmann ] * Support for providing the device authorization endpoint manually . [ Gabriel Zachmann ] * Removed https://perun.elixir-czech.cz/oidc/ from issuer.config. . [ Marcus Hardt ] * Add IAM of DEEP to issuer.conf * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Adds documentation notes on expiring refresh tokens . [ Gabriel Zachmann ] * Adds possibility to build the C-API as static library * oidc-token now uses this library . [ Gabriel Zachmann ] * fixed segmentation fault for an unchecked file existence . [ Gabriel Zachmann ] * Fixes static library * Includes Refactoring * Hides client secret * Adds optional client name identifier when using dynamic registration * Optionally prints the device code url QR-code directly to the terminal * Validation for redirect url format * Fixes some typos * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library * On default only one configuration file for client and account config is generated. * json and list dependencies are now included as source files not as a static library * oidc-agent can now be started with a default lifetime for account configurations * a lifetime can be specified when using oidc-add * Better no_color support. * Memory encryption: Encrypting refresh_token and client credentials when not used. * oidc-agent can now be locked. This includes additional encryption for access tokens, refresh tokens and client credentials. * Supporting seccomp (can be turned off) to restrict system calls * Automatic call of authorization url can be turned off * Adds support for bash-completion * Changes to command line arguments: no longer using space delimited strings * Removed the feature to list the currently loaded account configurations * Token Request can now include an application hint * Token Request Response now includes expires_at * Unloading accounts does not require a password anymore * Added option to unload all loaded accounts. * Improvements to the memory management * Fixed a bug where automatic account generation failed after successful dynamic client registration. * Improved UX: checking if oidc-add can connect to agent before prompting for encryption password . [ Gabriel Zachmann ] * Fixes a bug related to merging json objects * Improves UI: oidc-gen now does not prompt for refresh token. Use the --rt option insted. * Improves UI: oidc-gen only prompts for credentials if using the password flow * Improved flow internal handling of dynamic client registration * Fixes a missing seccomp syscall . [ Gabriel Zachmann ] * Fixed a bug that disabled seccomp for oidc-add and oidc-token * Internal Improvements to bash-completion * Fixed a bug where dyn client reg would fail if the preselected scope was modified. . [ Gabriel Zachmann ] * Fixed a bug that autoremoved also accounts with infinite lifetime when an account with limited lifetime expired * Added missing seccomp syscalls * Fixed a bug that broke bash completion * Fixed possible segmentation faults * Disabled seccomp on default * Disables Tracing: Cannot attach using ptrace . [ Gabriel Zachmann ] * Now using base64 encoding instead of hex encoding for all new encryptions * Updated the config file format used for all new encryptions; this includes the version it was generated with * Added possibility to update a config file to the newest file format / encryption * Improved the en/decryption, so that all parameters needed are now saved (linked to the file format) * Fixed seg faults * Allows usage of cjson package instead of included source files * Fixed double response from oidc-agent for check request if agent locked * Changes to the libsodium depencency: required newer version, now included as static library * Now providing a shared library and not only a static library * The shared library is provided in the liboidc-agent2 package, the needed development files in the liboidc-agent-dev package * Fixed invalid read in stringToJSON * Fixed possible double frees when the already set value is passed to a setter * Fixed missing authentication for device code access token requests * Now allowing using OIDPs that support the device flow, but don't advertise it by using the oidc-gen --dae option * Improved UX: checking if oidc-gen can connect to agent before prompting the user for any information * Support for IPC encryption: oidc-add and oidc-gen now only communicate in an encrypted way with oidc-agent * Fixed a bug where the grant_type parameter was falsly included in the auth code url * Improved the account listing output . [ Gabriel Zachmann ] * Fixed a bug causing problems with the device flow * Fixed memory leaks . [ Gabriel Zachmann ] * Fixed a bug due to which errors during token revocation were ignored * Fixed a bug displaying a (wrong) error message when token revocation succeeded and the server answered with an empty response when using encrypted ipc communication * Fixed a bug where the browser would not redirect to the webserver when the chosen port was to high * Fixed a sementation fault if the config tmp file did not contain the account shortname * Fixed broken bash-completion when oidcdir did not yet exist . [ Gabriel Zachmann ] * Fixed build error if bin dir not existed * Fixed a problem with unity OP where access token did not have any scope * Fixed strange additional parameters in the auth code exchange request * Fixed superfluous error logs when checking if a string is a json object * Changed encoding for memory encryption from hex to base64 . [ Gabriel Zachmann ] * Fixed a bug due to which oidc-agent would return a wrong already loaded account config when generating a new account config * Improved error handling when no authorization flow possible * Fixed a seg fault when dynamic client registration failed * Fixed a seg fault in memory decryption if account config does not have a client secret (public client) * Added support for PKCE * Added support for public clients * Fixed a bug where it was possible to display issuer urls that only differ in the trayling slash twice when using oidc-gen * Enforce usage of openid and offline_access scope in all cases . [ Gabriel Zachmann ] * Improve error message when necessary scopes cannot be registered during dynamic client registration * If necessary scopes cannot be registered during dynamic client registration, a public client is tried * Fixed memory leaks * Allow updating of public clients by using the -m and --pub option . [ Gabriel Zachmann ] * Added public client for aai.egi.eu . [ Gabriel Zachmann ] * Added environment variable to manually specify the oidc-agent config directory location * Added option to manually specify the used redirect port during dynamic client registration . [ Gabriel Zachmann ] * Fixed file locations when using a custom oidcdir (through env var) and the path value did not have a trailing slash * Fixed a possible seg fault . [ Gabriel Zachmann ] * Fixed a bug that made it impossible to use the device flow . [ Gabriel Zachmann ] * Removed an unnecessary client_id from post data, that caused problems with iam when using the device flow. . [ Gabriel Zachmann ] * Changed the fundamental architecture by introducing a new proxy daemon * Now an account config can be updated by oidc-agent, i.e. when a provider issues a new refresh token * oidc-agent can manage the encryption password: store encrypted in memory, use keyring, use user provided command, or prompt the user * Added autoload possibility. If an application requests an access token for a not loaded config, it is automatically loaded, if the user allows it. * Added possibility that each usage of an account configuration has to be confirmed by the user. Can be turned on by using oidc-add -c or oidc-agent -c * Changed the oidc-agent console module flag from -c to -d * Changed the default port for redirect urls when using dynamic client registration from 2912 to 4242 * Added encryption for the communciation between agent and its httpserver * Added possibility to complete account generation with the url a user is redirected to * Fixed possible seg faults . [ Gabriel Zachmann ] * Added support for custom uri scheme redirect uris * Added support for doing the auth code flow without a webserver * Added public clients for HBP, Elixir * Added support for XSession integration * Various bug fixes and other improvements * Allow -u to encrypt unencrypted files, not only reencrypting already encrypted files * When using oidc-gen --delete the account config now does not have to be loaded. The refresh token can also be revoked if not loaded. * Added --reauthenticate option to oidc-gen to easily update the refresh token without changing any other metadata * En-/Decryption password prompts can be done noninteractive using the --pw-cmd option * Improved documentation * Fixed some memory leaks * Fixed a seg fault when locking an agent that has a public client loaded * Fixed other possible seg faults * Improved usability of oidc-gen and other enhancements . [ Gabriel Zachmann ] * Fixed the course of a bug that would not utilize the cached AT when an application requests an AT with an empty scope value. This fix might have also fixed other unknown bugs. * Improved the user prompt message for autoload when the application does not send an application_hint * Improved error handling when refresh token wrong * Fix a bug related to the confirm feature: after a request is declined it was impossible to get an access token for this configuration without reloading the configuration. . [ Gabriel Zachmann ] * Changed the type of the UNIX domain socket used for communciating with oidc-agent from SOCK_SEQPACKET to SOCK_STREAM * This allows forwarding of the oidc-agent through ssh * Added getAccessToken2 to liboidc-agent * Access tokens can now be requested by issuer url; the suer can set an default account config for each issuer * Added the correlating functions to liboidc-agent * oidc-token can now also be used with issuer urls . [ Gabriel Zachmann] * Added the elixir public client to the list of public clients . [ Gabriel Zachmann ] * Fixed a segfault if the pubclients.conf file does not exist * Fixed segfault if the issuer.config in the oidc-agent directory doesn't exist and an AT is requested by issuer. * Fixed behavior of oidc-gen -p when the passed file does not exist. . [ Gabriel Zachmann ] * Support on MacOS . [ Gabriel Zachmann ] * Fixed a bug that did not save the information from dynamic client registration (did not save merged data). * Updated the cJSON library . [ Gabriel Zachmann ] * Fixed a bug due to which no error message was displayed when trying to load an account configuration and the oidc-agent directory was not accessible for oidc-add. * This bug also caused the agent to crash if oidc-token was used to load this account configuration on the fly and the oidc-agent directory was not accessible for oidc-agent. . [ Gabriel Zachmann ] * Add possibility to allow applications that run under another user access to the agent by using the --with-group option . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Add possibility to avoid custom uri scheme (useful when running on a remote server) * Fixed bug with doubled communication when not all required scopes could be registered * Now displaying warning message when client regstration could not register all requested scopes. . [ Gabriel Zachmann ] * Add public clients for deep and extreme datacloud . [ Gabriel Zachmann ] * Add public clients for iam-demo.cloud.cnaf.infn.it . [ Gabriel Zachmann ] * Fixed bug that might cause problems with providers that do not support PKCE. No longer sending code_verifier on auth code exchange requests. . [ Gabriel Zachmann ] * Fixed some spelling errors. * Fix X11 settings only adjusted when the configuration file already exists. * Increased oidc-gen polling interval and duration. * oidc-gen now displays the scopes supported by the provider. * Scopes provided to oidc-gen are no longer intersected with the supported scopes. . [ Gabriel Zachmann ] * Improve RPM build . [ Gabriel Zachmann ] * Fix scope lookup not using cert path. * Exit oidc-gen when error during scope lookup. * Add option to oidc-token to specify name of calling application. * Add option to oidc-add to list currently loaded accounts. * Fix no-scheme option not working if first url is scheme url. * Add option to oidc-agent that allows log message printed to stderr. * Fix that some information is printed to stderr instead of stdout. * Fix scopes not set when using password flow. * Add support to request tokens with specific audience. * Add wlcg.cloud.cnaf.infn.it * Add public client for wlcg.cloud.cnaf.infn.it * Update cJSON library. * Add --id-token option to oidc-token to request an id-token from the agent. * Fix some minor bugs. * Add oidc-keychain to reuse oidc-agent across logins . [ Gabriel Zachmann ] * Remove dot files from oidc-add and oidc-gen -l * Add a header line for oidc-add -a . [ Gabriel Zachmann ] * Add aai-demo.egi.eu * Add public client for aai-demo.egi.eu . [ Gabriel Zachmann ] * Fix --pw-cmd not correctly working when output does not end with newline character * Fix duplicated output of oidc-agent when redirecting * Fix oidc-agent dies when client disconnects before agent can write back. . [ Gabriel Zachmann ] * Updated the issuer urls of HDF. * Fix bash completion of shortnames if $OIDC_CONFIG_DIR is used. . [ Gabriel Zachmann ] * Add possibility for force a new AT through oidc-token. * Add status command to oidc-agent to get information about the currently running agent. * Allow users to rename accounts. * Write temporary data to oidc-agent instead of tmp file. * Fix seg fault in oidc-gen issuer selection when selecting 0 * Delete oidc client when deleting agent configuration. * Improved bash completion of oidc-gen short options. * Add --pw-file option to read decryption password from file * Improve password prompt on autoload. * On default cnid (oidc-gen) is set to the hostname; so the hostname is included in the client name. * oidc-gen is now completely non-interactive * Added several new options for passing information to oidc-gen * User can now choose between cli and gui prompts. * Fix bug where oidc-gen would use a public client instead of aborting when generating a account configuration with a shortname that is already loaded. * When the 'max' keyword is used for scopes and a public client is used, this now uses the maximum scopes for that public client, not the issuer. * Fixes a possible conflict between the application type 'web' and custom scheme redirect uris. * Update cJSON library. * Added oidc-agent-server a oidc-agent version that can run as a central server. * Added encryption to liboidc-agent (now depends on libsodium). . [ Marcus Hardt ] * Move to new debian packaging 3.0 (quilt) * Add upstream/metadata
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 12
-
–
A watch file is present but doesn't work
-
–
Package is not native
format: 3.0 (quilt) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian warningsoidc-agent
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
oidc-agent source -
W
desktop-command-not-in-package
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
No comments
Upload #6
Information
Version: | 4.0.0-1 |
---|---|
Uploaded: | 2020-09-16 07:23 |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0-1) UNRELEASED; urgency=medium . [ Marcus hardt ] * Trying to fix debuild messages * Updated dependency versions . [ Gabriel Zachmann ] * Fixes dependencies versions * adds man pages . [ Gabriel Zachmann ] * Support for Authorization Code Flow * Support for Device Flow * Support for user defined scopes * Couple of minor improvements * Couple of bugfixes . [ Gabriel Zachmann ] * Support for providing the device authorization endpoint manually . [ Gabriel Zachmann ] * Removed https://perun.elixir-czech.cz/oidc/ from issuer.config. . [ Marcus Hardt ] * Add IAM of DEEP to issuer.conf * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Adds documentation notes on expiring refresh tokens . [ Gabriel Zachmann ] * Adds possibility to build the C-API as static library * oidc-token now uses this library . [ Gabriel Zachmann ] * fixed segmentation fault for an unchecked file existence . [ Gabriel Zachmann ] * Fixes static library * Includes Refactoring * Hides client secret * Adds optional client name identifier when using dynamic registration * Optionally prints the device code url QR-code directly to the terminal * Validation for redirect url format * Fixes some typos * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library * On default only one configuration file for client and account config is generated. * json and list dependencies are now included as source files not as a static library * oidc-agent can now be started with a default lifetime for account configurations * a lifetime can be specified when using oidc-add * Better no_color support. * Memory encryption: Encrypting refresh_token and client credentials when not used. * oidc-agent can now be locked. This includes additional encryption for access tokens, refresh tokens and client credentials. * Supporting seccomp (can be turned off) to restrict system calls * Automatic call of authorization url can be turned off * Adds support for bash-completion * Changes to command line arguments: no longer using space delimited strings * Removed the feature to list the currently loaded account configurations * Token Request can now include an application hint * Token Request Response now includes expires_at * Unloading accounts does not require a password anymore * Added option to unload all loaded accounts. * Improvements to the memory management * Fixed a bug where automatic account generation failed after successful dynamic client registration. * Improved UX: checking if oidc-add can connect to agent before prompting for encryption password . [ Gabriel Zachmann ] * Fixes a bug related to merging json objects * Improves UI: oidc-gen now does not prompt for refresh token. Use the --rt option insted. * Improves UI: oidc-gen only prompts for credentials if using the password flow * Improved flow internal handling of dynamic client registration * Fixes a missing seccomp syscall . [ Gabriel Zachmann ] * Fixed a bug that disabled seccomp for oidc-add and oidc-token * Internal Improvements to bash-completion * Fixed a bug where dyn client reg would fail if the preselected scope was modified. . [ Gabriel Zachmann ] * Fixed a bug that autoremoved also accounts with infinite lifetime when an account with limited lifetime expired * Added missing seccomp syscalls * Fixed a bug that broke bash completion * Fixed possible segmentation faults * Disabled seccomp on default * Disables Tracing: Cannot attach using ptrace . [ Gabriel Zachmann ] * Now using base64 encoding instead of hex encoding for all new encryptions * Updated the config file format used for all new encryptions; this includes the version it was generated with * Added possibility to update a config file to the newest file format / encryption * Improved the en/decryption, so that all parameters needed are now saved (linked to the file format) * Fixed seg faults * Allows usage of cjson package instead of included source files * Fixed double response from oidc-agent for check request if agent locked * Changes to the libsodium depencency: required newer version, now included as static library * Now providing a shared library and not only a static library * The shared library is provided in the liboidc-agent2 package, the needed development files in the liboidc-agent-dev package * Fixed invalid read in stringToJSON * Fixed possible double frees when the already set value is passed to a setter * Fixed missing authentication for device code access token requests * Now allowing using OIDPs that support the device flow, but don't advertise it by using the oidc-gen --dae option * Improved UX: checking if oidc-gen can connect to agent before prompting the user for any information * Support for IPC encryption: oidc-add and oidc-gen now only communicate in an encrypted way with oidc-agent * Fixed a bug where the grant_type parameter was falsly included in the auth code url * Improved the account listing output . [ Gabriel Zachmann ] * Fixed a bug causing problems with the device flow * Fixed memory leaks . [ Gabriel Zachmann ] * Fixed a bug due to which errors during token revocation were ignored * Fixed a bug displaying a (wrong) error message when token revocation succeeded and the server answered with an empty response when using encrypted ipc communication * Fixed a bug where the browser would not redirect to the webserver when the chosen port was to high * Fixed a sementation fault if the config tmp file did not contain the account shortname * Fixed broken bash-completion when oidcdir did not yet exist . [ Gabriel Zachmann ] * Fixed build error if bin dir not existed * Fixed a problem with unity OP where access token did not have any scope * Fixed strange additional parameters in the auth code exchange request * Fixed superfluous error logs when checking if a string is a json object * Changed encoding for memory encryption from hex to base64 . [ Gabriel Zachmann ] * Fixed a bug due to which oidc-agent would return a wrong already loaded account config when generating a new account config * Improved error handling when no authorization flow possible * Fixed a seg fault when dynamic client registration failed * Fixed a seg fault in memory decryption if account config does not have a client secret (public client) * Added support for PKCE * Added support for public clients * Fixed a bug where it was possible to display issuer urls that only differ in the trayling slash twice when using oidc-gen * Enforce usage of openid and offline_access scope in all cases . [ Gabriel Zachmann ] * Improve error message when necessary scopes cannot be registered during dynamic client registration * If necessary scopes cannot be registered during dynamic client registration, a public client is tried * Fixed memory leaks * Allow updating of public clients by using the -m and --pub option . [ Gabriel Zachmann ] * Added public client for aai.egi.eu . [ Gabriel Zachmann ] * Added environment variable to manually specify the oidc-agent config directory location * Added option to manually specify the used redirect port during dynamic client registration . [ Gabriel Zachmann ] * Fixed file locations when using a custom oidcdir (through env var) and the path value did not have a trailing slash * Fixed a possible seg fault . [ Gabriel Zachmann ] * Fixed a bug that made it impossible to use the device flow . [ Gabriel Zachmann ] * Removed an unnecessary client_id from post data, that caused problems with iam when using the device flow. . [ Gabriel Zachmann ] * Changed the fundamental architecture by introducing a new proxy daemon * Now an account config can be updated by oidc-agent, i.e. when a provider issues a new refresh token * oidc-agent can manage the encryption password: store encrypted in memory, use keyring, use user provided command, or prompt the user * Added autoload possibility. If an application requests an access token for a not loaded config, it is automatically loaded, if the user allows it. * Added possibility that each usage of an account configuration has to be confirmed by the user. Can be turned on by using oidc-add -c or oidc-agent -c * Changed the oidc-agent console module flag from -c to -d * Changed the default port for redirect urls when using dynamic client registration from 2912 to 4242 * Added encryption for the communciation between agent and its httpserver * Added possibility to complete account generation with the url a user is redirected to * Fixed possible seg faults . [ Gabriel Zachmann ] * Added support for custom uri scheme redirect uris * Added support for doing the auth code flow without a webserver * Added public clients for HBP, Elixir * Added support for XSession integration * Various bug fixes and other improvements * Allow -u to encrypt unencrypted files, not only reencrypting already encrypted files * When using oidc-gen --delete the account config now does not have to be loaded. The refresh token can also be revoked if not loaded. * Added --reauthenticate option to oidc-gen to easily update the refresh token without changing any other metadata * En-/Decryption password prompts can be done noninteractive using the --pw-cmd option * Improved documentation * Fixed some memory leaks * Fixed a seg fault when locking an agent that has a public client loaded * Fixed other possible seg faults * Improved usability of oidc-gen and other enhancements . [ Gabriel Zachmann ] * Fixed the course of a bug that would not utilize the cached AT when an application requests an AT with an empty scope value. This fix might have also fixed other unknown bugs. * Improved the user prompt message for autoload when the application does not send an application_hint * Improved error handling when refresh token wrong * Fix a bug related to the confirm feature: after a request is declined it was impossible to get an access token for this configuration without reloading the configuration. . [ Gabriel Zachmann ] * Changed the type of the UNIX domain socket used for communciating with oidc-agent from SOCK_SEQPACKET to SOCK_STREAM * This allows forwarding of the oidc-agent through ssh * Added getAccessToken2 to liboidc-agent * Access tokens can now be requested by issuer url; the suer can set an default account config for each issuer * Added the correlating functions to liboidc-agent * oidc-token can now also be used with issuer urls . [ Gabriel Zachmann] * Added the elixir public client to the list of public clients . [ Gabriel Zachmann ] * Fixed a segfault if the pubclients.conf file does not exist * Fixed segfault if the issuer.config in the oidc-agent directory doesn't exist and an AT is requested by issuer. * Fixed behavior of oidc-gen -p when the passed file does not exist. . [ Gabriel Zachmann ] * Support on MacOS . [ Gabriel Zachmann ] * Fixed a bug that did not save the information from dynamic client registration (did not save merged data). * Updated the cJSON library . [ Gabriel Zachmann ] * Fixed a bug due to which no error message was displayed when trying to load an account configuration and the oidc-agent directory was not accessible for oidc-add. * This bug also caused the agent to crash if oidc-token was used to load this account configuration on the fly and the oidc-agent directory was not accessible for oidc-agent. . [ Gabriel Zachmann ] * Add possibility to allow applications that run under another user access to the agent by using the --with-group option . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Add possibility to avoid custom uri scheme (useful when running on a remote server) * Fixed bug with doubled communication when not all required scopes could be registered * Now displaying warning message when client regstration could not register all requested scopes. . [ Gabriel Zachmann ] * Add public clients for deep and extreme datacloud . [ Gabriel Zachmann ] * Add public clients for iam-demo.cloud.cnaf.infn.it . [ Gabriel Zachmann ] * Fixed bug that might cause problems with providers that do not support PKCE. No longer sending code_verifier on auth code exchange requests. . [ Gabriel Zachmann ] * Fixed some spelling errors. * Fix X11 settings only adjusted when the configuration file already exists. * Increased oidc-gen polling interval and duration. * oidc-gen now displays the scopes supported by the provider. * Scopes provided to oidc-gen are no longer intersected with the supported scopes. . [ Gabriel Zachmann ] * Improve RPM build . [ Gabriel Zachmann ] * Fix scope lookup not using cert path. * Exit oidc-gen when error during scope lookup. * Add option to oidc-token to specify name of calling application. * Add option to oidc-add to list currently loaded accounts. * Fix no-scheme option not working if first url is scheme url. * Add option to oidc-agent that allows log message printed to stderr. * Fix that some information is printed to stderr instead of stdout. * Fix scopes not set when using password flow. * Add support to request tokens with specific audience. * Add wlcg.cloud.cnaf.infn.it * Add public client for wlcg.cloud.cnaf.infn.it * Update cJSON library. * Add --id-token option to oidc-token to request an id-token from the agent. * Fix some minor bugs. * Add oidc-keychain to reuse oidc-agent across logins . [ Gabriel Zachmann ] * Remove dot files from oidc-add and oidc-gen -l * Add a header line for oidc-add -a . [ Gabriel Zachmann ] * Add aai-demo.egi.eu * Add public client for aai-demo.egi.eu . [ Gabriel Zachmann ] * Fix --pw-cmd not correctly working when output does not end with newline character * Fix duplicated output of oidc-agent when redirecting * Fix oidc-agent dies when client disconnects before agent can write back. . [ Gabriel Zachmann ] * Updated the issuer urls of HDF. * Fix bash completion of shortnames if $OIDC_CONFIG_DIR is used. . [ Gabriel Zachmann ] * Add possibility for force a new AT through oidc-token. * Add status command to oidc-agent to get information about the currently running agent. * Allow users to rename accounts. * Write temporary data to oidc-agent instead of tmp file. * Fix seg fault in oidc-gen issuer selection when selecting 0 * Delete oidc client when deleting agent configuration. * Improved bash completion of oidc-gen short options. * Add --pw-file option to read decryption password from file * Improve password prompt on autoload. * On default cnid (oidc-gen) is set to the hostname; so the hostname is included in the client name. * oidc-gen is now completely non-interactive * Added several new options for passing information to oidc-gen * User can now choose between cli and gui prompts. * Fix bug where oidc-gen would use a public client instead of aborting when generating a account configuration with a shortname that is already loaded. * When the 'max' keyword is used for scopes and a public client is used, this now uses the maximum scopes for that public client, not the issuer. * Fixes a possible conflict between the application type 'web' and custom scheme redirect uris. * Update cJSON library. * Added oidc-agent-server a oidc-agent version that can run as a central server. * Added encryption to liboidc-agent (now depends on libsodium). . [ Marcus Hardt ] * Move to new debian packaging 3.0 (quilt)
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 12
-
–
A watch file is present but doesn't work
-
–
Package is not native
format: 3.0 (quilt) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian warningsliboidc-agent-devliboidc-agent4oidc-agent
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
-
W
initial-upload-closes-no-bugs
oidc-agent source-
I
unreleased-changelog-distribution
-
P
package-uses-old-debhelper-compat-version
- 12
-
X
upstream-metadata-file-is-missing
oidc-agent-promptoidc-agent-server -
W
desktop-command-not-in-package
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
No comments
Upload #5
Information
Version: | 4.0.0-1 |
---|---|
Uploaded: | 2020-08-13 16:40 |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0-1) UNRELEASED; urgency=medium . [ Marcus hardt ] * Trying to fix debuild messages * Updated dependency versions . [ Gabriel Zachmann ] * Fixes dependencies versions * adds man pages . [ Gabriel Zachmann ] * Support for Authorization Code Flow * Support for Device Flow * Support for user defined scopes * Couple of minor improvements * Couple of bugfixes . [ Gabriel Zachmann ] * Support for providing the device authorization endpoint manually . [ Gabriel Zachmann ] * Removed https://perun.elixir-czech.cz/oidc/ from issuer.config. . [ Marcus Hardt ] * Add IAM of DEEP to issuer.conf * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Adds documentation notes on expiring refresh tokens . [ Gabriel Zachmann ] * Adds possibility to build the C-API as static library * oidc-token now uses this library . [ Gabriel Zachmann ] * fixed segmentation fault for an unchecked file existence . [ Gabriel Zachmann ] * Fixes static library * Includes Refactoring * Hides client secret * Adds optional client name identifier when using dynamic registration * Optionally prints the device code url QR-code directly to the terminal * Validation for redirect url format * Fixes some typos * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library * On default only one configuration file for client and account config is generated. * json and list dependencies are now included as source files not as a static library * oidc-agent can now be started with a default lifetime for account configurations * a lifetime can be specified when using oidc-add * Better no_color support. * Memory encryption: Encrypting refresh_token and client credentials when not used. * oidc-agent can now be locked. This includes additional encryption for access tokens, refresh tokens and client credentials. * Supporting seccomp (can be turned off) to restrict system calls * Automatic call of authorization url can be turned off * Adds support for bash-completion * Changes to command line arguments: no longer using space delimited strings * Removed the feature to list the currently loaded account configurations * Token Request can now include an application hint * Token Request Response now includes expires_at * Unloading accounts does not require a password anymore * Added option to unload all loaded accounts. * Improvements to the memory management * Fixed a bug where automatic account generation failed after successful dynamic client registration. * Improved UX: checking if oidc-add can connect to agent before prompting for encryption password . [ Gabriel Zachmann ] * Fixes a bug related to merging json objects * Improves UI: oidc-gen now does not prompt for refresh token. Use the --rt option insted. * Improves UI: oidc-gen only prompts for credentials if using the password flow * Improved flow internal handling of dynamic client registration * Fixes a missing seccomp syscall . [ Gabriel Zachmann ] * Fixed a bug that disabled seccomp for oidc-add and oidc-token * Internal Improvements to bash-completion * Fixed a bug where dyn client reg would fail if the preselected scope was modified. . [ Gabriel Zachmann ] * Fixed a bug that autoremoved also accounts with infinite lifetime when an account with limited lifetime expired * Added missing seccomp syscalls * Fixed a bug that broke bash completion * Fixed possible segmentation faults * Disabled seccomp on default * Disables Tracing: Cannot attach using ptrace . [ Gabriel Zachmann ] * Now using base64 encoding instead of hex encoding for all new encryptions * Updated the config file format used for all new encryptions; this includes the version it was generated with * Added possibility to update a config file to the newest file format / encryption * Improved the en/decryption, so that all parameters needed are now saved (linked to the file format) * Fixed seg faults * Allows usage of cjson package instead of included source files * Fixed double response from oidc-agent for check request if agent locked * Changes to the libsodium depencency: required newer version, now included as static library * Now providing a shared library and not only a static library * The shared library is provided in the liboidc-agent2 package, the needed development files in the liboidc-agent-dev package * Fixed invalid read in stringToJSON * Fixed possible double frees when the already set value is passed to a setter * Fixed missing authentication for device code access token requests * Now allowing using OIDPs that support the device flow, but don't advertise it by using the oidc-gen --dae option * Improved UX: checking if oidc-gen can connect to agent before prompting the user for any information * Support for IPC encryption: oidc-add and oidc-gen now only communicate in an encrypted way with oidc-agent * Fixed a bug where the grant_type parameter was falsly included in the auth code url * Improved the account listing output . [ Gabriel Zachmann ] * Fixed a bug causing problems with the device flow * Fixed memory leaks . [ Gabriel Zachmann ] * Fixed a bug due to which errors during token revocation were ignored * Fixed a bug displaying a (wrong) error message when token revocation succeeded and the server answered with an empty response when using encrypted ipc communication * Fixed a bug where the browser would not redirect to the webserver when the chosen port was to high * Fixed a sementation fault if the config tmp file did not contain the account shortname * Fixed broken bash-completion when oidcdir did not yet exist . [ Gabriel Zachmann ] * Fixed build error if bin dir not existed * Fixed a problem with unity OP where access token did not have any scope * Fixed strange additional parameters in the auth code exchange request * Fixed superfluous error logs when checking if a string is a json object * Changed encoding for memory encryption from hex to base64 . [ Gabriel Zachmann ] * Fixed a bug due to which oidc-agent would return a wrong already loaded account config when generating a new account config * Improved error handling when no authorization flow possible * Fixed a seg fault when dynamic client registration failed * Fixed a seg fault in memory decryption if account config does not have a client secret (public client) * Added support for PKCE * Added support for public clients * Fixed a bug where it was possible to display issuer urls that only differ in the trayling slash twice when using oidc-gen * Enforce usage of openid and offline_access scope in all cases . [ Gabriel Zachmann ] * Improve error message when necessary scopes cannot be registered during dynamic client registration * If necessary scopes cannot be registered during dynamic client registration, a public client is tried * Fixed memory leaks * Allow updating of public clients by using the -m and --pub option . [ Gabriel Zachmann ] * Added public client for aai.egi.eu . [ Gabriel Zachmann ] * Added environment variable to manually specify the oidc-agent config directory location * Added option to manually specify the used redirect port during dynamic client registration . [ Gabriel Zachmann ] * Fixed file locations when using a custom oidcdir (through env var) and the path value did not have a trailing slash * Fixed a possible seg fault . [ Gabriel Zachmann ] * Fixed a bug that made it impossible to use the device flow . [ Gabriel Zachmann ] * Removed an unnecessary client_id from post data, that caused problems with iam when using the device flow. . [ Gabriel Zachmann ] * Changed the fundamental architecture by introducing a new proxy daemon * Now an account config can be updated by oidc-agent, i.e. when a provider issues a new refresh token * oidc-agent can manage the encryption password: store encrypted in memory, use keyring, use user provided command, or prompt the user * Added autoload possibility. If an application requests an access token for a not loaded config, it is automatically loaded, if the user allows it. * Added possibility that each usage of an account configuration has to be confirmed by the user. Can be turned on by using oidc-add -c or oidc-agent -c * Changed the oidc-agent console module flag from -c to -d * Changed the default port for redirect urls when using dynamic client registration from 2912 to 4242 * Added encryption for the communciation between agent and its httpserver * Added possibility to complete account generation with the url a user is redirected to * Fixed possible seg faults . [ Gabriel Zachmann ] * Added support for custom uri scheme redirect uris * Added support for doing the auth code flow without a webserver * Added public clients for HBP, Elixir * Added support for XSession integration * Various bug fixes and other improvements * Allow -u to encrypt unencrypted files, not only reencrypting already encrypted files * When using oidc-gen --delete the account config now does not have to be loaded. The refresh token can also be revoked if not loaded. * Added --reauthenticate option to oidc-gen to easily update the refresh token without changing any other metadata * En-/Decryption password prompts can be done noninteractive using the --pw-cmd option * Improved documentation * Fixed some memory leaks * Fixed a seg fault when locking an agent that has a public client loaded * Fixed other possible seg faults * Improved usability of oidc-gen and other enhancements . [ Gabriel Zachmann ] * Fixed the course of a bug that would not utilize the cached AT when an application requests an AT with an empty scope value. This fix might have also fixed other unknown bugs. * Improved the user prompt message for autoload when the application does not send an application_hint * Improved error handling when refresh token wrong * Fix a bug related to the confirm feature: after a request is declined it was impossible to get an access token for this configuration without reloading the configuration. . [ Gabriel Zachmann ] * Changed the type of the UNIX domain socket used for communciating with oidc-agent from SOCK_SEQPACKET to SOCK_STREAM * This allows forwarding of the oidc-agent through ssh * Added getAccessToken2 to liboidc-agent * Access tokens can now be requested by issuer url; the suer can set an default account config for each issuer * Added the correlating functions to liboidc-agent * oidc-token can now also be used with issuer urls . [ Gabriel Zachmann] * Added the elixir public client to the list of public clients . [ Gabriel Zachmann ] * Fixed a segfault if the pubclients.conf file does not exist * Fixed segfault if the issuer.config in the oidc-agent directory doesn't exist and an AT is requested by issuer. * Fixed behavior of oidc-gen -p when the passed file does not exist. . [ Gabriel Zachmann ] * Support on MacOS . [ Gabriel Zachmann ] * Fixed a bug that did not save the information from dynamic client registration (did not save merged data). * Updated the cJSON library . [ Gabriel Zachmann ] * Fixed a bug due to which no error message was displayed when trying to load an account configuration and the oidc-agent directory was not accessible for oidc-add. * This bug also caused the agent to crash if oidc-token was used to load this account configuration on the fly and the oidc-agent directory was not accessible for oidc-agent. . [ Gabriel Zachmann ] * Add possibility to allow applications that run under another user access to the agent by using the --with-group option . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Add possibility to avoid custom uri scheme (useful when running on a remote server) * Fixed bug with doubled communication when not all required scopes could be registered * Now displaying warning message when client regstration could not register all requested scopes. . [ Gabriel Zachmann ] * Add public clients for deep and extreme datacloud . [ Gabriel Zachmann ] * Add public clients for iam-demo.cloud.cnaf.infn.it . [ Gabriel Zachmann ] * Fixed bug that might cause problems with providers that do not support PKCE. No longer sending code_verifier on auth code exchange requests. . [ Gabriel Zachmann ] * Fixed some spelling errors. * Fix X11 settings only adjusted when the configuration file already exists. * Increased oidc-gen polling interval and duration. * oidc-gen now displays the scopes supported by the provider. * Scopes provided to oidc-gen are no longer intersected with the supported scopes. . [ Gabriel Zachmann ] * Improve RPM build . [ Gabriel Zachmann ] * Fix scope lookup not using cert path. * Exit oidc-gen when error during scope lookup. * Add option to oidc-token to specify name of calling application. * Add option to oidc-add to list currently loaded accounts. * Fix no-scheme option not working if first url is scheme url. * Add option to oidc-agent that allows log message printed to stderr. * Fix that some information is printed to stderr instead of stdout. * Fix scopes not set when using password flow. * Add support to request tokens with specific audience. * Add wlcg.cloud.cnaf.infn.it * Add public client for wlcg.cloud.cnaf.infn.it * Update cJSON library. * Add --id-token option to oidc-token to request an id-token from the agent. * Fix some minor bugs. * Add oidc-keychain to reuse oidc-agent across logins . [ Gabriel Zachmann ] * Remove dot files from oidc-add and oidc-gen -l * Add a header line for oidc-add -a . [ Gabriel Zachmann ] * Add aai-demo.egi.eu * Add public client for aai-demo.egi.eu . [ Gabriel Zachmann ] * Fix --pw-cmd not correctly working when output does not end with newline character * Fix duplicated output of oidc-agent when redirecting * Fix oidc-agent dies when client disconnects before agent can write back. . [ Gabriel Zachmann ] * Updated the issuer urls of HDF. * Fix bash completion of shortnames if $OIDC_CONFIG_DIR is used. . [ Gabriel Zachmann ] * Add possibility for force a new AT through oidc-token. * Add status command to oidc-agent to get information about the currently running agent. * Allow users to rename accounts. * Write temporary data to oidc-agent instead of tmp file. * Fix seg fault in oidc-gen issuer selection when selecting 0 * Delete oidc client when deleting agent configuration. * Improved bash completion of oidc-gen short options. * Add --pw-file option to read decryption password from file * Improve password prompt on autoload. * On default cnid (oidc-gen) is set to the hostname; so the hostname is included in the client name. * oidc-gen is now completely non-interactive * Added several new options for passing information to oidc-gen * User can now choose between cli and gui prompts. * Fix bug where oidc-gen would use a public client instead of aborting when generating a account configuration with a shortname that is already loaded. * When the 'max' keyword is used for scopes and a public client is used, this now uses the maximum scopes for that public client, not the issuer. * Fixes a possible conflict between the application type 'web' and custom scheme redirect uris. * Update cJSON library. * Added oidc-agent-server a oidc-agent version that can run as a central server. * Added encryption to liboidc-agent (now depends on libsodium). . [ Marcus Hardt ] * Move to new debian packaging 3.0 (quilt)
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 10
-
–
Watch file is not present
-
–
Package is not native
format: 3.0 (quilt) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian warningsliboidc-agent-devliboidc-agent4oidc-agent
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
-
W
initial-upload-closes-no-bugs
oidc-agent source-
I
debian-watch-file-is-missing
-
I
unreleased-changelog-distribution
-
P
package-uses-old-debhelper-compat-version
- 10
-
X
upstream-metadata-file-is-missing
oidc-agent-promptoidc-agent-server -
W
desktop-command-not-in-package
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
No comments
Upload #4
Information
Version: | 4.0.0 |
---|---|
Uploaded: | 2020-07-29 14:25 |
Source package: | oidc-agent_4.0.0.dsc |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0) UNRELEASED; urgency=medium . [ Marcus hardt ] * Trying to fix debuild messages * Updated dependency versions . [ Gabriel Zachmann ] * Fixes dependencies versions * adds man pages . [ Gabriel Zachmann ] * Support for Authorization Code Flow * Support for Device Flow * Support for user defined scopes * Couple of minor improvements * Couple of bugfixes . [ Gabriel Zachmann ] * Support for providing the device authorization endpoint manually . [ Gabriel Zachmann ] * Removed https://perun.elixir-czech.cz/oidc/ from issuer.config. . [ Marcus Hardt ] * Add IAM of DEEP to issuer.conf * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Adds documentation notes on expiring refresh tokens . [ Gabriel Zachmann ] * Adds possibility to build the C-API as static library * oidc-token now uses this library . [ Gabriel Zachmann ] * fixed segmentation fault for an unchecked file existence . [ Gabriel Zachmann ] * Fixes static library * Includes Refactoring * Hides client secret * Adds optional client name identifier when using dynamic registration * Optionally prints the device code url QR-code directly to the terminal * Validation for redirect url format * Fixes some typos * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library * On default only one configuration file for client and account config is generated. * json and list dependencies are now included as source files not as a static library * oidc-agent can now be started with a default lifetime for account configurations * a lifetime can be specified when using oidc-add * Better no_color support. * Memory encryption: Encrypting refresh_token and client credentials when not used. * oidc-agent can now be locked. This includes additional encryption for access tokens, refresh tokens and client credentials. * Supporting seccomp (can be turned off) to restrict system calls * Automatic call of authorization url can be turned off * Adds support for bash-completion * Changes to command line arguments: no longer using space delimited strings * Removed the feature to list the currently loaded account configurations * Token Request can now include an application hint * Token Request Response now includes expires_at * Unloading accounts does not require a password anymore * Added option to unload all loaded accounts. * Improvements to the memory management * Fixed a bug where automatic account generation failed after successful dynamic client registration. * Improved UX: checking if oidc-add can connect to agent before prompting for encryption password . [ Gabriel Zachmann ] * Fixes a bug related to merging json objects * Improves UI: oidc-gen now does not prompt for refresh token. Use the --rt option insted. * Improves UI: oidc-gen only prompts for credentials if using the password flow * Improved flow internal handling of dynamic client registration * Fixes a missing seccomp syscall . [ Gabriel Zachmann ] * Fixed a bug that disabled seccomp for oidc-add and oidc-token * Internal Improvements to bash-completion * Fixed a bug where dyn client reg would fail if the preselected scope was modified. . [ Gabriel Zachmann ] * Fixed a bug that autoremoved also accounts with infinite lifetime when an account with limited lifetime expired * Added missing seccomp syscalls * Fixed a bug that broke bash completion * Fixed possible segmentation faults * Disabled seccomp on default * Disables Tracing: Cannot attach using ptrace . [ Gabriel Zachmann ] * Now using base64 encoding instead of hex encoding for all new encryptions * Updated the config file format used for all new encryptions; this includes the version it was generated with * Added possibility to update a config file to the newest file format / encryption * Improved the en/decryption, so that all parameters needed are now saved (linked to the file format) * Fixed seg faults * Allows usage of cjson package instead of included source files * Fixed double response from oidc-agent for check request if agent locked * Changes to the libsodium depencency: required newer version, now included as static library * Now providing a shared library and not only a static library * The shared library is provided in the liboidc-agent2 package, the needed development files in the liboidc-agent-dev package * Fixed invalid read in stringToJSON * Fixed possible double frees when the already set value is passed to a setter * Fixed missing authentication for device code access token requests * Now allowing using OIDPs that support the device flow, but don't advertise it by using the oidc-gen --dae option * Improved UX: checking if oidc-gen can connect to agent before prompting the user for any information * Support for IPC encryption: oidc-add and oidc-gen now only communicate in an encrypted way with oidc-agent * Fixed a bug where the grant_type parameter was falsly included in the auth code url * Improved the account listing output . [ Gabriel Zachmann ] * Fixed a bug causing problems with the device flow * Fixed memory leaks . [ Gabriel Zachmann ] * Fixed a bug due to which errors during token revocation were ignored * Fixed a bug displaying a (wrong) error message when token revocation succeeded and the server answered with an empty response when using encrypted ipc communication * Fixed a bug where the browser would not redirect to the webserver when the chosen port was to high * Fixed a sementation fault if the config tmp file did not contain the account shortname * Fixed broken bash-completion when oidcdir did not yet exist . [ Gabriel Zachmann ] * Fixed build error if bin dir not existed * Fixed a problem with unity OP where access token did not have any scope * Fixed strange additional parameters in the auth code exchange request * Fixed superfluous error logs when checking if a string is a json object * Changed encoding for memory encryption from hex to base64 . [ Gabriel Zachmann ] * Fixed a bug due to which oidc-agent would return a wrong already loaded account config when generating a new account config * Improved error handling when no authorization flow possible * Fixed a seg fault when dynamic client registration failed * Fixed a seg fault in memory decryption if account config does not have a client secret (public client) * Added support for PKCE * Added support for public clients * Fixed a bug where it was possible to display issuer urls that only differ in the trayling slash twice when using oidc-gen * Enforce usage of openid and offline_access scope in all cases . [ Gabriel Zachmann ] * Improve error message when necessary scopes cannot be registered during dynamic client registration * If necessary scopes cannot be registered during dynamic client registration, a public client is tried * Fixed memory leaks * Allow updating of public clients by using the -m and --pub option . [ Gabriel Zachmann ] * Added public client for aai.egi.eu . [ Gabriel Zachmann ] * Added environment variable to manually specify the oidc-agent config directory location * Added option to manually specify the used redirect port during dynamic client registration . [ Gabriel Zachmann ] * Fixed file locations when using a custom oidcdir (through env var) and the path value did not have a trailing slash * Fixed a possible seg fault . [ Gabriel Zachmann ] * Fixed a bug that made it impossible to use the device flow . [ Gabriel Zachmann ] * Removed an unnecessary client_id from post data, that caused problems with iam when using the device flow. . [ Gabriel Zachmann ] * Changed the fundamental architecture by introducing a new proxy daemon * Now an account config can be updated by oidc-agent, i.e. when a provider issues a new refresh token * oidc-agent can manage the encryption password: store encrypted in memory, use keyring, use user provided command, or prompt the user * Added autoload possibility. If an application requests an access token for a not loaded config, it is automatically loaded, if the user allows it. * Added possibility that each usage of an account configuration has to be confirmed by the user. Can be turned on by using oidc-add -c or oidc-agent -c * Changed the oidc-agent console module flag from -c to -d * Changed the default port for redirect urls when using dynamic client registration from 2912 to 4242 * Added encryption for the communciation between agent and its httpserver * Added possibility to complete account generation with the url a user is redirected to * Fixed possible seg faults . [ Gabriel Zachmann ] * Added support for custom uri scheme redirect uris * Added support for doing the auth code flow without a webserver * Added public clients for HBP, Elixir * Added support for XSession integration * Various bug fixes and other improvements * Allow -u to encrypt unencrypted files, not only reencrypting already encrypted files * When using oidc-gen --delete the account config now does not have to be loaded. The refresh token can also be revoked if not loaded. * Added --reauthenticate option to oidc-gen to easily update the refresh token without changing any other metadata * En-/Decryption password prompts can be done noninteractive using the --pw-cmd option * Improved documentation * Fixed some memory leaks * Fixed a seg fault when locking an agent that has a public client loaded * Fixed other possible seg faults * Improved usability of oidc-gen and other enhancements . [ Gabriel Zachmann ] * Fixed the course of a bug that would not utilize the cached AT when an application requests an AT with an empty scope value. This fix might have also fixed other unknown bugs. * Improved the user prompt message for autoload when the application does not send an application_hint * Improved error handling when refresh token wrong * Fix a bug related to the confirm feature: after a request is declined it was impossible to get an access token for this configuration without reloading the configuration. . [ Gabriel Zachmann ] * Changed the type of the UNIX domain socket used for communciating with oidc-agent from SOCK_SEQPACKET to SOCK_STREAM * This allows forwarding of the oidc-agent through ssh * Added getAccessToken2 to liboidc-agent * Access tokens can now be requested by issuer url; the suer can set an default account config for each issuer * Added the correlating functions to liboidc-agent * oidc-token can now also be used with issuer urls . [ Gabriel Zachmann] * Added the elixir public client to the list of public clients . [ Gabriel Zachmann ] * Fixed a segfault if the pubclients.conf file does not exist * Fixed segfault if the issuer.config in the oidc-agent directory doesn't exist and an AT is requested by issuer. * Fixed behavior of oidc-gen -p when the passed file does not exist. . [ Gabriel Zachmann ] * Support on MacOS . [ Gabriel Zachmann ] * Fixed a bug that did not save the information from dynamic client registration (did not save merged data). * Updated the cJSON library . [ Gabriel Zachmann ] * Fixed a bug due to which no error message was displayed when trying to load an account configuration and the oidc-agent directory was not accessible for oidc-add. * This bug also caused the agent to crash if oidc-token was used to load this account configuration on the fly and the oidc-agent directory was not accessible for oidc-agent. . [ Gabriel Zachmann ] * Add possibility to allow applications that run under another user access to the agent by using the --with-group option . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Add possibility to avoid custom uri scheme (useful when running on a remote server) * Fixed bug with doubled communication when not all required scopes could be registered * Now displaying warning message when client regstration could not register all requested scopes. . [ Gabriel Zachmann ] * Add public clients for deep and extreme datacloud . [ Gabriel Zachmann ] * Add public clients for iam-demo.cloud.cnaf.infn.it . [ Gabriel Zachmann ] * Fixed bug that might cause problems with providers that do not support PKCE. No longer sending code_verifier on auth code exchange requests. . [ Gabriel Zachmann ] * Fixed some spelling errors. * Fix X11 settings only adjusted when the configuration file already exists. * Increased oidc-gen polling interval and duration. * oidc-gen now displays the scopes supported by the provider. * Scopes provided to oidc-gen are no longer intersected with the supported scopes. . [ Gabriel Zachmann ] * Improve RPM build . [ Gabriel Zachmann ] * Fix scope lookup not using cert path. * Exit oidc-gen when error during scope lookup. * Add option to oidc-token to specify name of calling application. * Add option to oidc-add to list currently loaded accounts. * Fix no-scheme option not working if first url is scheme url. * Add option to oidc-agent that allows log message printed to stderr. * Fix that some information is printed to stderr instead of stdout. * Fix scopes not set when using password flow. * Add support to request tokens with specific audience. * Add wlcg.cloud.cnaf.infn.it * Add public client for wlcg.cloud.cnaf.infn.it * Update cJSON library. * Add --id-token option to oidc-token to request an id-token from the agent. * Fix some minor bugs. * Add oidc-keychain to reuse oidc-agent across logins . [ Gabriel Zachmann ] * Remove dot files from oidc-add and oidc-gen -l * Add a header line for oidc-add -a . [ Gabriel Zachmann ] * Add aai-demo.egi.eu * Add public client for aai-demo.egi.eu . [ Gabriel Zachmann ] * Fix --pw-cmd not correctly working when output does not end with newline character * Fix duplicated output of oidc-agent when redirecting * Fix oidc-agent dies when client disconnects before agent can write back. . [ Gabriel Zachmann ] * Updated the issuer urls of HDF. * Fix bash completion of shortnames if $OIDC_CONFIG_DIR is used. . [ Gabriel Zachmann ] * Add possibility for force a new AT through oidc-token. * Add status command to oidc-agent to get information about the currently running agent. * Allow users to rename accounts. * Write temporary data to oidc-agent instead of tmp file. * Fix seg fault in oidc-gen issuer selection when selecting 0 * Delete oidc client when deleting agent configuration. * Improved bash completion of oidc-gen short options. * Add --pw-file option to read decryption password from file * Improve password prompt on autoload. * On default cnid (oidc-gen) is set to the hostname; so the hostname is included in the client name. * oidc-gen is now completely non-interactive * Added several new options for passing information to oidc-gen * User can now choose between cli and gui prompts. * Fix bug where oidc-gen would use a public client instead of aborting when generating a account configuration with a shortname that is already loaded. * When the 'max' keyword is used for scopes and a public client is used, this now uses the maximum scopes for that public client, not the issuer. * Fixes a possible conflict between the application type 'web' and custom scheme redirect uris. * Update cJSON library.
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 9
-
–
Watch file is not present
-
–
Package is native
format: 3.0 (native) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian warningsoidc-agent
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
oidc-agent source -
W
desktop-command-not-in-package
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
No comments
Upload #3
Information
Version: | 4.0.0 |
---|---|
Uploaded: | 2020-07-29 13:55 |
Source package: | oidc-agent_4.0.0.dsc |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0) UNRELEASED; urgency=medium . [ Marcus hardt ] * Trying to fix debuild messages * Updated dependency versions . [ Gabriel Zachmann ] * Fixes dependencies versions * adds man pages . [ Gabriel Zachmann ] * Support for Authorization Code Flow * Support for Device Flow * Support for user defined scopes * Couple of minor improvements * Couple of bugfixes . [ Gabriel Zachmann ] * Support for providing the device authorization endpoint manually . [ Gabriel Zachmann ] * Removed https://perun.elixir-czech.cz/oidc/ from issuer.config. . [ Marcus Hardt ] * Add IAM of DEEP to issuer.conf * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Adds documentation notes on expiring refresh tokens . [ Gabriel Zachmann ] * Adds possibility to build the C-API as static library * oidc-token now uses this library . [ Gabriel Zachmann ] * fixed segmentation fault for an unchecked file existence . [ Gabriel Zachmann ] * Fixes static library * Includes Refactoring * Hides client secret * Adds optional client name identifier when using dynamic registration * Optionally prints the device code url QR-code directly to the terminal * Validation for redirect url format * Fixes some typos * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library * On default only one configuration file for client and account config is generated. * json and list dependencies are now included as source files not as a static library * oidc-agent can now be started with a default lifetime for account configurations * a lifetime can be specified when using oidc-add * Better no_color support. * Memory encryption: Encrypting refresh_token and client credentials when not used. * oidc-agent can now be locked. This includes additional encryption for access tokens, refresh tokens and client credentials. * Supporting seccomp (can be turned off) to restrict system calls * Automatic call of authorization url can be turned off * Adds support for bash-completion * Changes to command line arguments: no longer using space delimited strings * Removed the feature to list the currently loaded account configurations * Token Request can now include an application hint * Token Request Response now includes expires_at * Unloading accounts does not require a password anymore * Added option to unload all loaded accounts. * Improvements to the memory management * Fixed a bug where automatic account generation failed after successful dynamic client registration. * Improved UX: checking if oidc-add can connect to agent before prompting for encryption password . [ Gabriel Zachmann ] * Fixes a bug related to merging json objects * Improves UI: oidc-gen now does not prompt for refresh token. Use the --rt option insted. * Improves UI: oidc-gen only prompts for credentials if using the password flow * Improved flow internal handling of dynamic client registration * Fixes a missing seccomp syscall . [ Gabriel Zachmann ] * Fixed a bug that disabled seccomp for oidc-add and oidc-token * Internal Improvements to bash-completion * Fixed a bug where dyn client reg would fail if the preselected scope was modified. . [ Gabriel Zachmann ] * Fixed a bug that autoremoved also accounts with infinite lifetime when an account with limited lifetime expired * Added missing seccomp syscalls * Fixed a bug that broke bash completion * Fixed possible segmentation faults * Disabled seccomp on default * Disables Tracing: Cannot attach using ptrace . [ Gabriel Zachmann ] * Now using base64 encoding instead of hex encoding for all new encryptions * Updated the config file format used for all new encryptions; this includes the version it was generated with * Added possibility to update a config file to the newest file format / encryption * Improved the en/decryption, so that all parameters needed are now saved (linked to the file format) * Fixed seg faults * Allows usage of cjson package instead of included source files * Fixed double response from oidc-agent for check request if agent locked * Changes to the libsodium depencency: required newer version, now included as static library * Now providing a shared library and not only a static library * The shared library is provided in the liboidc-agent2 package, the needed development files in the liboidc-agent-dev package * Fixed invalid read in stringToJSON * Fixed possible double frees when the already set value is passed to a setter * Fixed missing authentication for device code access token requests * Now allowing using OIDPs that support the device flow, but don't advertise it by using the oidc-gen --dae option * Improved UX: checking if oidc-gen can connect to agent before prompting the user for any information * Support for IPC encryption: oidc-add and oidc-gen now only communicate in an encrypted way with oidc-agent * Fixed a bug where the grant_type parameter was falsly included in the auth code url * Improved the account listing output . [ Gabriel Zachmann ] * Fixed a bug causing problems with the device flow * Fixed memory leaks . [ Gabriel Zachmann ] * Fixed a bug due to which errors during token revocation were ignored * Fixed a bug displaying a (wrong) error message when token revocation succeeded and the server answered with an empty response when using encrypted ipc communication * Fixed a bug where the browser would not redirect to the webserver when the chosen port was to high * Fixed a sementation fault if the config tmp file did not contain the account shortname * Fixed broken bash-completion when oidcdir did not yet exist . [ Gabriel Zachmann ] * Fixed build error if bin dir not existed * Fixed a problem with unity OP where access token did not have any scope * Fixed strange additional parameters in the auth code exchange request * Fixed superfluous error logs when checking if a string is a json object * Changed encoding for memory encryption from hex to base64 . [ Gabriel Zachmann ] * Fixed a bug due to which oidc-agent would return a wrong already loaded account config when generating a new account config * Improved error handling when no authorization flow possible * Fixed a seg fault when dynamic client registration failed * Fixed a seg fault in memory decryption if account config does not have a client secret (public client) * Added support for PKCE * Added support for public clients * Fixed a bug where it was possible to display issuer urls that only differ in the trayling slash twice when using oidc-gen * Enforce usage of openid and offline_access scope in all cases . [ Gabriel Zachmann ] * Improve error message when necessary scopes cannot be registered during dynamic client registration * If necessary scopes cannot be registered during dynamic client registration, a public client is tried * Fixed memory leaks * Allow updating of public clients by using the -m and --pub option . [ Gabriel Zachmann ] * Added public client for aai.egi.eu . [ Gabriel Zachmann ] * Added environment variable to manually specify the oidc-agent config directory location * Added option to manually specify the used redirect port during dynamic client registration . [ Gabriel Zachmann ] * Fixed file locations when using a custom oidcdir (through env var) and the path value did not have a trailing slash * Fixed a possible seg fault . [ Gabriel Zachmann ] * Fixed a bug that made it impossible to use the device flow . [ Gabriel Zachmann ] * Removed an unnecessary client_id from post data, that caused problems with iam when using the device flow. . [ Gabriel Zachmann ] * Changed the fundamental architecture by introducing a new proxy daemon * Now an account config can be updated by oidc-agent, i.e. when a provider issues a new refresh token * oidc-agent can manage the encryption password: store encrypted in memory, use keyring, use user provided command, or prompt the user * Added autoload possibility. If an application requests an access token for a not loaded config, it is automatically loaded, if the user allows it. * Added possibility that each usage of an account configuration has to be confirmed by the user. Can be turned on by using oidc-add -c or oidc-agent -c * Changed the oidc-agent console module flag from -c to -d * Changed the default port for redirect urls when using dynamic client registration from 2912 to 4242 * Added encryption for the communciation between agent and its httpserver * Added possibility to complete account generation with the url a user is redirected to * Fixed possible seg faults . [ Gabriel Zachmann ] * Added support for custom uri scheme redirect uris * Added support for doing the auth code flow without a webserver * Added public clients for HBP, Elixir * Added support for XSession integration * Various bug fixes and other improvements * Allow -u to encrypt unencrypted files, not only reencrypting already encrypted files * When using oidc-gen --delete the account config now does not have to be loaded. The refresh token can also be revoked if not loaded. * Added --reauthenticate option to oidc-gen to easily update the refresh token without changing any other metadata * En-/Decryption password prompts can be done noninteractive using the --pw-cmd option * Improved documentation * Fixed some memory leaks * Fixed a seg fault when locking an agent that has a public client loaded * Fixed other possible seg faults * Improved usability of oidc-gen and other enhancements . [ Gabriel Zachmann ] * Fixed the course of a bug that would not utilize the cached AT when an application requests an AT with an empty scope value. This fix might have also fixed other unknown bugs. * Improved the user prompt message for autoload when the application does not send an application_hint * Improved error handling when refresh token wrong * Fix a bug related to the confirm feature: after a request is declined it was impossible to get an access token for this configuration without reloading the configuration. . [ Gabriel Zachmann ] * Changed the type of the UNIX domain socket used for communciating with oidc-agent from SOCK_SEQPACKET to SOCK_STREAM * This allows forwarding of the oidc-agent through ssh * Added getAccessToken2 to liboidc-agent * Access tokens can now be requested by issuer url; the suer can set an default account config for each issuer * Added the correlating functions to liboidc-agent * oidc-token can now also be used with issuer urls . [ Gabriel Zachmann] * Added the elixir public client to the list of public clients . [ Gabriel Zachmann ] * Fixed a segfault if the pubclients.conf file does not exist * Fixed segfault if the issuer.config in the oidc-agent directory doesn't exist and an AT is requested by issuer. * Fixed behavior of oidc-gen -p when the passed file does not exist. . [ Gabriel Zachmann ] * Support on MacOS . [ Gabriel Zachmann ] * Fixed a bug that did not save the information from dynamic client registration (did not save merged data). * Updated the cJSON library . [ Gabriel Zachmann ] * Fixed a bug due to which no error message was displayed when trying to load an account configuration and the oidc-agent directory was not accessible for oidc-add. * This bug also caused the agent to crash if oidc-token was used to load this account configuration on the fly and the oidc-agent directory was not accessible for oidc-agent. . [ Gabriel Zachmann ] * Add possibility to allow applications that run under another user access to the agent by using the --with-group option . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Add possibility to avoid custom uri scheme (useful when running on a remote server) * Fixed bug with doubled communication when not all required scopes could be registered * Now displaying warning message when client regstration could not register all requested scopes. . [ Gabriel Zachmann ] * Add public clients for deep and extreme datacloud . [ Gabriel Zachmann ] * Add public clients for iam-demo.cloud.cnaf.infn.it . [ Gabriel Zachmann ] * Fixed bug that might cause problems with providers that do not support PKCE. No longer sending code_verifier on auth code exchange requests. . [ Gabriel Zachmann ] * Fixed some spelling errors. * Fix X11 settings only adjusted when the configuration file already exists. * Increased oidc-gen polling interval and duration. * oidc-gen now displays the scopes supported by the provider. * Scopes provided to oidc-gen are no longer intersected with the supported scopes. . [ Gabriel Zachmann ] * Improve RPM build . [ Gabriel Zachmann ] * Fix scope lookup not using cert path. * Exit oidc-gen when error during scope lookup. * Add option to oidc-token to specify name of calling application. * Add option to oidc-add to list currently loaded accounts. * Fix no-scheme option not working if first url is scheme url. * Add option to oidc-agent that allows log message printed to stderr. * Fix that some information is printed to stderr instead of stdout. * Fix scopes not set when using password flow. * Add support to request tokens with specific audience. * Add wlcg.cloud.cnaf.infn.it * Add public client for wlcg.cloud.cnaf.infn.it * Update cJSON library. * Add --id-token option to oidc-token to request an id-token from the agent. * Fix some minor bugs. * Add oidc-keychain to reuse oidc-agent across logins . [ Gabriel Zachmann ] * Remove dot files from oidc-add and oidc-gen -l * Add a header line for oidc-add -a . [ Gabriel Zachmann ] * Add aai-demo.egi.eu * Add public client for aai-demo.egi.eu . [ Gabriel Zachmann ] * Fix --pw-cmd not correctly working when output does not end with newline character * Fix duplicated output of oidc-agent when redirecting * Fix oidc-agent dies when client disconnects before agent can write back. . [ Gabriel Zachmann ] * Updated the issuer urls of HDF. * Fix bash completion of shortnames if $OIDC_CONFIG_DIR is used. . [ Gabriel Zachmann ] * Add possibility for force a new AT through oidc-token. * Add status command to oidc-agent to get information about the currently running agent. * Allow users to rename accounts. * Write temporary data to oidc-agent instead of tmp file. * Fix seg fault in oidc-gen issuer selection when selecting 0 * Delete oidc client when deleting agent configuration. * Improved bash completion of oidc-gen short options. * Add --pw-file option to read decryption password from file * Improve password prompt on autoload. * On default cnid (oidc-gen) is set to the hostname; so the hostname is included in the client name. * oidc-gen is now completely non-interactive * Added several new options for passing information to oidc-gen * User can now choose between cli and gui prompts. * Fix bug where oidc-gen would use a public client instead of aborting when generating a account configuration with a shortname that is already loaded. * When the 'max' keyword is used for scopes and a public client is used, this now uses the maximum scopes for that public client, not the issuer. * Fixes a possible conflict between the application type 'web' and custom scheme redirect uris. * Update cJSON library.
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 9
-
–
Watch file is not present
-
–
Package is native
format: 3.0 (native) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian warningsliboidc-agent4oidc-agent
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
oidc-agent source -
W
desktop-command-not-in-package
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
No comments
Upload #2
Information
Version: | 4.0.0 |
---|---|
Uploaded: | 2020-07-29 12:40 |
Source package: | oidc-agent_4.0.0.dsc |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
Vcs-browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0) UNRELEASED; urgency=medium . [ Marcus hardt ] * Trying to fix debuild messages * Updated dependency versions . [ Gabriel Zachmann ] * Fixes dependencies versions * adds man pages . [ Gabriel Zachmann ] * Support for Authorization Code Flow * Support for Device Flow * Support for user defined scopes * Couple of minor improvements * Couple of bugfixes . [ Gabriel Zachmann ] * Support for providing the device authorization endpoint manually . [ Gabriel Zachmann ] * Removed https://perun.elixir-czech.cz/oidc/ from issuer.config. . [ Marcus Hardt ] * Add IAM of DEEP to issuer.conf * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Adds documentation notes on expiring refresh tokens . [ Gabriel Zachmann ] * Adds possibility to build the C-API as static library * oidc-token now uses this library . [ Gabriel Zachmann ] * fixed segmentation fault for an unchecked file existence . [ Gabriel Zachmann ] * Fixes static library * Includes Refactoring * Hides client secret * Adds optional client name identifier when using dynamic registration * Optionally prints the device code url QR-code directly to the terminal * Validation for redirect url format * Fixes some typos * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library * On default only one configuration file for client and account config is generated. * json and list dependencies are now included as source files not as a static library * oidc-agent can now be started with a default lifetime for account configurations * a lifetime can be specified when using oidc-add * Better no_color support. * Memory encryption: Encrypting refresh_token and client credentials when not used. * oidc-agent can now be locked. This includes additional encryption for access tokens, refresh tokens and client credentials. * Supporting seccomp (can be turned off) to restrict system calls * Automatic call of authorization url can be turned off * Adds support for bash-completion * Changes to command line arguments: no longer using space delimited strings * Removed the feature to list the currently loaded account configurations * Token Request can now include an application hint * Token Request Response now includes expires_at * Unloading accounts does not require a password anymore * Added option to unload all loaded accounts. * Improvements to the memory management * Fixed a bug where automatic account generation failed after successful dynamic client registration. * Improved UX: checking if oidc-add can connect to agent before prompting for encryption password . [ Gabriel Zachmann ] * Fixes a bug related to merging json objects * Improves UI: oidc-gen now does not prompt for refresh token. Use the --rt option insted. * Improves UI: oidc-gen only prompts for credentials if using the password flow * Improved flow internal handling of dynamic client registration * Fixes a missing seccomp syscall . [ Gabriel Zachmann ] * Fixed a bug that disabled seccomp for oidc-add and oidc-token * Internal Improvements to bash-completion * Fixed a bug where dyn client reg would fail if the preselected scope was modified. . [ Gabriel Zachmann ] * Fixed a bug that autoremoved also accounts with infinite lifetime when an account with limited lifetime expired * Added missing seccomp syscalls * Fixed a bug that broke bash completion * Fixed possible segmentation faults * Disabled seccomp on default * Disables Tracing: Cannot attach using ptrace . [ Gabriel Zachmann ] * Now using base64 encoding instead of hex encoding for all new encryptions * Updated the config file format used for all new encryptions; this includes the version it was generated with * Added possibility to update a config file to the newest file format / encryption * Improved the en/decryption, so that all parameters needed are now saved (linked to the file format) * Fixed seg faults * Allows usage of cjson package instead of included source files * Fixed double response from oidc-agent for check request if agent locked * Changes to the libsodium depencency: required newer version, now included as static library * Now providing a shared library and not only a static library * The shared library is provided in the liboidc-agent2 package, the needed development files in the liboidc-agent-dev package * Fixed invalid read in stringToJSON * Fixed possible double frees when the already set value is passed to a setter * Fixed missing authentication for device code access token requests * Now allowing using OIDPs that support the device flow, but don't advertise it by using the oidc-gen --dae option * Improved UX: checking if oidc-gen can connect to agent before prompting the user for any information * Support for IPC encryption: oidc-add and oidc-gen now only communicate in an encrypted way with oidc-agent * Fixed a bug where the grant_type parameter was falsly included in the auth code url * Improved the account listing output . [ Gabriel Zachmann ] * Fixed a bug causing problems with the device flow * Fixed memory leaks . [ Gabriel Zachmann ] * Fixed a bug due to which errors during token revocation were ignored * Fixed a bug displaying a (wrong) error message when token revocation succeeded and the server answered with an empty response when using encrypted ipc communication * Fixed a bug where the browser would not redirect to the webserver when the chosen port was to high * Fixed a sementation fault if the config tmp file did not contain the account shortname * Fixed broken bash-completion when oidcdir did not yet exist . [ Gabriel Zachmann ] * Fixed build error if bin dir not existed * Fixed a problem with unity OP where access token did not have any scope * Fixed strange additional parameters in the auth code exchange request * Fixed superfluous error logs when checking if a string is a json object * Changed encoding for memory encryption from hex to base64 . [ Gabriel Zachmann ] * Fixed a bug due to which oidc-agent would return a wrong already loaded account config when generating a new account config * Improved error handling when no authorization flow possible * Fixed a seg fault when dynamic client registration failed * Fixed a seg fault in memory decryption if account config does not have a client secret (public client) * Added support for PKCE * Added support for public clients * Fixed a bug where it was possible to display issuer urls that only differ in the trayling slash twice when using oidc-gen * Enforce usage of openid and offline_access scope in all cases . [ Gabriel Zachmann ] * Improve error message when necessary scopes cannot be registered during dynamic client registration * If necessary scopes cannot be registered during dynamic client registration, a public client is tried * Fixed memory leaks * Allow updating of public clients by using the -m and --pub option . [ Gabriel Zachmann ] * Added public client for aai.egi.eu . [ Gabriel Zachmann ] * Added environment variable to manually specify the oidc-agent config directory location * Added option to manually specify the used redirect port during dynamic client registration . [ Gabriel Zachmann ] * Fixed file locations when using a custom oidcdir (through env var) and the path value did not have a trailing slash * Fixed a possible seg fault . [ Gabriel Zachmann ] * Fixed a bug that made it impossible to use the device flow . [ Gabriel Zachmann ] * Removed an unnecessary client_id from post data, that caused problems with iam when using the device flow. . [ Gabriel Zachmann ] * Changed the fundamental architecture by introducing a new proxy daemon * Now an account config can be updated by oidc-agent, i.e. when a provider issues a new refresh token * oidc-agent can manage the encryption password: store encrypted in memory, use keyring, use user provided command, or prompt the user * Added autoload possibility. If an application requests an access token for a not loaded config, it is automatically loaded, if the user allows it. * Added possibility that each usage of an account configuration has to be confirmed by the user. Can be turned on by using oidc-add -c or oidc-agent -c * Changed the oidc-agent console module flag from -c to -d * Changed the default port for redirect urls when using dynamic client registration from 2912 to 4242 * Added encryption for the communciation between agent and its httpserver * Added possibility to complete account generation with the url a user is redirected to * Fixed possible seg faults . [ Gabriel Zachmann ] * Added support for custom uri scheme redirect uris * Added support for doing the auth code flow without a webserver * Added public clients for HBP, Elixir * Added support for XSession integration * Various bug fixes and other improvements * Allow -u to encrypt unencrypted files, not only reencrypting already encrypted files * When using oidc-gen --delete the account config now does not have to be loaded. The refresh token can also be revoked if not loaded. * Added --reauthenticate option to oidc-gen to easily update the refresh token without changing any other metadata * En-/Decryption password prompts can be done noninteractive using the --pw-cmd option * Improved documentation * Fixed some memory leaks * Fixed a seg fault when locking an agent that has a public client loaded * Fixed other possible seg faults * Improved usability of oidc-gen and other enhancements . [ Gabriel Zachmann ] * Fixed the course of a bug that would not utilize the cached AT when an application requests an AT with an empty scope value. This fix might have also fixed other unknown bugs. * Improved the user prompt message for autoload when the application does not send an application_hint * Improved error handling when refresh token wrong * Fix a bug related to the confirm feature: after a request is declined it was impossible to get an access token for this configuration without reloading the configuration. . [ Gabriel Zachmann ] * Changed the type of the UNIX domain socket used for communciating with oidc-agent from SOCK_SEQPACKET to SOCK_STREAM * This allows forwarding of the oidc-agent through ssh * Added getAccessToken2 to liboidc-agent * Access tokens can now be requested by issuer url; the suer can set an default account config for each issuer * Added the correlating functions to liboidc-agent * oidc-token can now also be used with issuer urls . [ Gabriel Zachmann] * Added the elixir public client to the list of public clients . [ Gabriel Zachmann ] * Fixed a segfault if the pubclients.conf file does not exist * Fixed segfault if the issuer.config in the oidc-agent directory doesn't exist and an AT is requested by issuer. * Fixed behavior of oidc-gen -p when the passed file does not exist. . [ Gabriel Zachmann ] * Support on MacOS . [ Gabriel Zachmann ] * Fixed a bug that did not save the information from dynamic client registration (did not save merged data). * Updated the cJSON library . [ Gabriel Zachmann ] * Fixed a bug due to which no error message was displayed when trying to load an account configuration and the oidc-agent directory was not accessible for oidc-add. * This bug also caused the agent to crash if oidc-token was used to load this account configuration on the fly and the oidc-agent directory was not accessible for oidc-agent. . [ Gabriel Zachmann ] * Add possibility to allow applications that run under another user access to the agent by using the --with-group option . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Add possibility to avoid custom uri scheme (useful when running on a remote server) * Fixed bug with doubled communication when not all required scopes could be registered * Now displaying warning message when client regstration could not register all requested scopes. . [ Gabriel Zachmann ] * Add public clients for deep and extreme datacloud . [ Gabriel Zachmann ] * Add public clients for iam-demo.cloud.cnaf.infn.it . [ Gabriel Zachmann ] * Fixed bug that might cause problems with providers that do not support PKCE. No longer sending code_verifier on auth code exchange requests. . [ Gabriel Zachmann ] * Fixed some spelling errors. * Fix X11 settings only adjusted when the configuration file already exists. * Increased oidc-gen polling interval and duration. * oidc-gen now displays the scopes supported by the provider. * Scopes provided to oidc-gen are no longer intersected with the supported scopes. . [ Gabriel Zachmann ] * Improve RPM build . [ Gabriel Zachmann ] * Fix scope lookup not using cert path. * Exit oidc-gen when error during scope lookup. * Add option to oidc-token to specify name of calling application. * Add option to oidc-add to list currently loaded accounts. * Fix no-scheme option not working if first url is scheme url. * Add option to oidc-agent that allows log message printed to stderr. * Fix that some information is printed to stderr instead of stdout. * Fix scopes not set when using password flow. * Add support to request tokens with specific audience. * Add wlcg.cloud.cnaf.infn.it * Add public client for wlcg.cloud.cnaf.infn.it * Update cJSON library. * Add --id-token option to oidc-token to request an id-token from the agent. * Fix some minor bugs. * Add oidc-keychain to reuse oidc-agent across logins . [ Gabriel Zachmann ] * Remove dot files from oidc-add and oidc-gen -l * Add a header line for oidc-add -a . [ Gabriel Zachmann ] * Add aai-demo.egi.eu * Add public client for aai-demo.egi.eu . [ Gabriel Zachmann ] * Fix --pw-cmd not correctly working when output does not end with newline character * Fix duplicated output of oidc-agent when redirecting * Fix oidc-agent dies when client disconnects before agent can write back. . [ Gabriel Zachmann ] * Updated the issuer urls of HDF. * Fix bash completion of shortnames if $OIDC_CONFIG_DIR is used. . [ Gabriel Zachmann ] * Add possibility for force a new AT through oidc-token. * Add status command to oidc-agent to get information about the currently running agent. * Allow users to rename accounts. * Write temporary data to oidc-agent instead of tmp file. * Fix seg fault in oidc-gen issuer selection when selecting 0 * Delete oidc client when deleting agent configuration. * Improved bash completion of oidc-gen short options. * Add --pw-file option to read decryption password from file * Improve password prompt on autoload. * On default cnid (oidc-gen) is set to the hostname; so the hostname is included in the client name. * oidc-gen is now completely non-interactive * Added several new options for passing information to oidc-gen * User can now choose between cli and gui prompts. * Fix bug where oidc-gen would use a public client instead of aborting when generating a account configuration with a shortname that is already loaded. * When the 'max' keyword is used for scopes and a public client is used, this now uses the maximum scopes for that public client, not the issuer. * Fixes a possible conflict between the application type 'web' and custom scheme redirect uris. * Update cJSON library.
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 9
-
–
Watch file is not present
-
–
Package is native
format: 3.0 (native) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian warningsliboidc-agent4
-
X
exit-in-shared-library
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.4.0.0
-
I
no-symbols-control-file
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.4.0.0
oidc-agent-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
oidc-agent source-
W
package-uses-deprecated-debhelper-compat-version
- 9
-
I
unreleased-changelog-distribution
-
P
cute-field
- debian/control@source Vcs-browser vs Vcs-Browser
-
X
exit-in-shared-library
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
No comments
Upload #1
Information
Version: | 4.0.0 |
---|---|
Uploaded: | 2020-07-28 15:10 |
Source package: | oidc-agent_4.0.0.dsc |
Distribution: | UNRELEASED |
Section: | misc |
Priority: | optional |
Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Changelog
oidc-agent (4.0.0) UNRELEASED; urgency=medium . [ Marcus hardt ] * Trying to fix debuild messages * Updated dependency versions . [ Gabriel Zachmann ] * Fixes dependencies versions * adds man pages . [ Gabriel Zachmann ] * Support for Authorization Code Flow * Support for Device Flow * Support for user defined scopes * Couple of minor improvements * Couple of bugfixes . [ Gabriel Zachmann ] * Support for providing the device authorization endpoint manually . [ Gabriel Zachmann ] * Removed https://perun.elixir-czech.cz/oidc/ from issuer.config. . [ Marcus Hardt ] * Add IAM of DEEP to issuer.conf * Also accept libcurl4 as a dependency . [ Gabriel Zachmann ] * Adds documentation notes on expiring refresh tokens . [ Gabriel Zachmann ] * Adds possibility to build the C-API as static library * oidc-token now uses this library . [ Gabriel Zachmann ] * fixed segmentation fault for an unchecked file existence . [ Gabriel Zachmann ] * Fixes static library * Includes Refactoring * Hides client secret * Adds optional client name identifier when using dynamic registration * Optionally prints the device code url QR-code directly to the terminal * Validation for redirect url format * Fixes some typos * Backward-compatible API-change: ipc access token requests now also contain the associated issuer; also the C-API includes it . [ Gabriel Zachmann ] * Replaces JSON Parser Library * On default only one configuration file for client and account config is generated. * json and list dependencies are now included as source files not as a static library * oidc-agent can now be started with a default lifetime for account configurations * a lifetime can be specified when using oidc-add * Better no_color support. * Memory encryption: Encrypting refresh_token and client credentials when not used. * oidc-agent can now be locked. This includes additional encryption for access tokens, refresh tokens and client credentials. * Supporting seccomp (can be turned off) to restrict system calls * Automatic call of authorization url can be turned off * Adds support for bash-completion * Changes to command line arguments: no longer using space delimited strings * Removed the feature to list the currently loaded account configurations * Token Request can now include an application hint * Token Request Response now includes expires_at * Unloading accounts does not require a password anymore * Added option to unload all loaded accounts. * Improvements to the memory management * Fixed a bug where automatic account generation failed after successful dynamic client registration. * Improved UX: checking if oidc-add can connect to agent before prompting for encryption password . [ Gabriel Zachmann ] * Fixes a bug related to merging json objects * Improves UI: oidc-gen now does not prompt for refresh token. Use the --rt option insted. * Improves UI: oidc-gen only prompts for credentials if using the password flow * Improved flow internal handling of dynamic client registration * Fixes a missing seccomp syscall . [ Gabriel Zachmann ] * Fixed a bug that disabled seccomp for oidc-add and oidc-token * Internal Improvements to bash-completion * Fixed a bug where dyn client reg would fail if the preselected scope was modified. . [ Gabriel Zachmann ] * Fixed a bug that autoremoved also accounts with infinite lifetime when an account with limited lifetime expired * Added missing seccomp syscalls * Fixed a bug that broke bash completion * Fixed possible segmentation faults * Disabled seccomp on default * Disables Tracing: Cannot attach using ptrace . [ Gabriel Zachmann ] * Now using base64 encoding instead of hex encoding for all new encryptions * Updated the config file format used for all new encryptions; this includes the version it was generated with * Added possibility to update a config file to the newest file format / encryption * Improved the en/decryption, so that all parameters needed are now saved (linked to the file format) * Fixed seg faults * Allows usage of cjson package instead of included source files * Fixed double response from oidc-agent for check request if agent locked * Changes to the libsodium depencency: required newer version, now included as static library * Now providing a shared library and not only a static library * The shared library is provided in the liboidc-agent2 package, the needed development files in the liboidc-agent-dev package * Fixed invalid read in stringToJSON * Fixed possible double frees when the already set value is passed to a setter * Fixed missing authentication for device code access token requests * Now allowing using OIDPs that support the device flow, but don't advertise it by using the oidc-gen --dae option * Improved UX: checking if oidc-gen can connect to agent before prompting the user for any information * Support for IPC encryption: oidc-add and oidc-gen now only communicate in an encrypted way with oidc-agent * Fixed a bug where the grant_type parameter was falsly included in the auth code url * Improved the account listing output . [ Gabriel Zachmann ] * Fixed a bug causing problems with the device flow * Fixed memory leaks . [ Gabriel Zachmann ] * Fixed a bug due to which errors during token revocation were ignored * Fixed a bug displaying a (wrong) error message when token revocation succeeded and the server answered with an empty response when using encrypted ipc communication * Fixed a bug where the browser would not redirect to the webserver when the chosen port was to high * Fixed a sementation fault if the config tmp file did not contain the account shortname * Fixed broken bash-completion when oidcdir did not yet exist . [ Gabriel Zachmann ] * Fixed build error if bin dir not existed * Fixed a problem with unity OP where access token did not have any scope * Fixed strange additional parameters in the auth code exchange request * Fixed superfluous error logs when checking if a string is a json object * Changed encoding for memory encryption from hex to base64 . [ Gabriel Zachmann ] * Fixed a bug due to which oidc-agent would return a wrong already loaded account config when generating a new account config * Improved error handling when no authorization flow possible * Fixed a seg fault when dynamic client registration failed * Fixed a seg fault in memory decryption if account config does not have a client secret (public client) * Added support for PKCE * Added support for public clients * Fixed a bug where it was possible to display issuer urls that only differ in the trayling slash twice when using oidc-gen * Enforce usage of openid and offline_access scope in all cases . [ Gabriel Zachmann ] * Improve error message when necessary scopes cannot be registered during dynamic client registration * If necessary scopes cannot be registered during dynamic client registration, a public client is tried * Fixed memory leaks * Allow updating of public clients by using the -m and --pub option . [ Gabriel Zachmann ] * Added public client for aai.egi.eu . [ Gabriel Zachmann ] * Added environment variable to manually specify the oidc-agent config directory location * Added option to manually specify the used redirect port during dynamic client registration . [ Gabriel Zachmann ] * Fixed file locations when using a custom oidcdir (through env var) and the path value did not have a trailing slash * Fixed a possible seg fault . [ Gabriel Zachmann ] * Fixed a bug that made it impossible to use the device flow . [ Gabriel Zachmann ] * Removed an unnecessary client_id from post data, that caused problems with iam when using the device flow. . [ Gabriel Zachmann ] * Changed the fundamental architecture by introducing a new proxy daemon * Now an account config can be updated by oidc-agent, i.e. when a provider issues a new refresh token * oidc-agent can manage the encryption password: store encrypted in memory, use keyring, use user provided command, or prompt the user * Added autoload possibility. If an application requests an access token for a not loaded config, it is automatically loaded, if the user allows it. * Added possibility that each usage of an account configuration has to be confirmed by the user. Can be turned on by using oidc-add -c or oidc-agent -c * Changed the oidc-agent console module flag from -c to -d * Changed the default port for redirect urls when using dynamic client registration from 2912 to 4242 * Added encryption for the communciation between agent and its httpserver * Added possibility to complete account generation with the url a user is redirected to * Fixed possible seg faults . [ Gabriel Zachmann ] * Added support for custom uri scheme redirect uris * Added support for doing the auth code flow without a webserver * Added public clients for HBP, Elixir * Added support for XSession integration * Various bug fixes and other improvements * Allow -u to encrypt unencrypted files, not only reencrypting already encrypted files * When using oidc-gen --delete the account config now does not have to be loaded. The refresh token can also be revoked if not loaded. * Added --reauthenticate option to oidc-gen to easily update the refresh token without changing any other metadata * En-/Decryption password prompts can be done noninteractive using the --pw-cmd option * Improved documentation * Fixed some memory leaks * Fixed a seg fault when locking an agent that has a public client loaded * Fixed other possible seg faults * Improved usability of oidc-gen and other enhancements . [ Gabriel Zachmann ] * Fixed the course of a bug that would not utilize the cached AT when an application requests an AT with an empty scope value. This fix might have also fixed other unknown bugs. * Improved the user prompt message for autoload when the application does not send an application_hint * Improved error handling when refresh token wrong * Fix a bug related to the confirm feature: after a request is declined it was impossible to get an access token for this configuration without reloading the configuration. . [ Gabriel Zachmann ] * Changed the type of the UNIX domain socket used for communciating with oidc-agent from SOCK_SEQPACKET to SOCK_STREAM * This allows forwarding of the oidc-agent through ssh * Added getAccessToken2 to liboidc-agent * Access tokens can now be requested by issuer url; the suer can set an default account config for each issuer * Added the correlating functions to liboidc-agent * oidc-token can now also be used with issuer urls . [ Gabriel Zachmann] * Added the elixir public client to the list of public clients . [ Gabriel Zachmann ] * Fixed a segfault if the pubclients.conf file does not exist * Fixed segfault if the issuer.config in the oidc-agent directory doesn't exist and an AT is requested by issuer. * Fixed behavior of oidc-gen -p when the passed file does not exist. . [ Gabriel Zachmann ] * Support on MacOS . [ Gabriel Zachmann ] * Fixed a bug that did not save the information from dynamic client registration (did not save merged data). * Updated the cJSON library . [ Gabriel Zachmann ] * Fixed a bug due to which no error message was displayed when trying to load an account configuration and the oidc-agent directory was not accessible for oidc-add. * This bug also caused the agent to crash if oidc-token was used to load this account configuration on the fly and the oidc-agent directory was not accessible for oidc-agent. . [ Gabriel Zachmann ] * Add possibility to allow applications that run under another user access to the agent by using the --with-group option . [ Marcus Hardt ] * Add debhelper-token * Remove build-essential from Build-Depends * Improve clean target to fix "source-is-missing" lintian warnings . [ Gabriel Zachmann ] * Add possibility to avoid custom uri scheme (useful when running on a remote server) * Fixed bug with doubled communication when not all required scopes could be registered * Now displaying warning message when client regstration could not register all requested scopes. . [ Gabriel Zachmann ] * Add public clients for deep and extreme datacloud . [ Gabriel Zachmann ] * Add public clients for iam-demo.cloud.cnaf.infn.it . [ Gabriel Zachmann ] * Fixed bug that might cause problems with providers that do not support PKCE. No longer sending code_verifier on auth code exchange requests. . [ Gabriel Zachmann ] * Fixed some spelling errors. * Fix X11 settings only adjusted when the configuration file already exists. * Increased oidc-gen polling interval and duration. * oidc-gen now displays the scopes supported by the provider. * Scopes provided to oidc-gen are no longer intersected with the supported scopes. . [ Gabriel Zachmann ] * Improve RPM build . [ Gabriel Zachmann ] * Fix scope lookup not using cert path. * Exit oidc-gen when error during scope lookup. * Add option to oidc-token to specify name of calling application. * Add option to oidc-add to list currently loaded accounts. * Fix no-scheme option not working if first url is scheme url. * Add option to oidc-agent that allows log message printed to stderr. * Fix that some information is printed to stderr instead of stdout. * Fix scopes not set when using password flow. * Add support to request tokens with specific audience. * Add wlcg.cloud.cnaf.infn.it * Add public client for wlcg.cloud.cnaf.infn.it * Update cJSON library. * Add --id-token option to oidc-token to request an id-token from the agent. * Fix some minor bugs. * Add oidc-keychain to reuse oidc-agent across logins . [ Gabriel Zachmann ] * Remove dot files from oidc-add and oidc-gen -l * Add a header line for oidc-add -a . [ Gabriel Zachmann ] * Add aai-demo.egi.eu * Add public client for aai-demo.egi.eu . [ Gabriel Zachmann ] * Fix --pw-cmd not correctly working when output does not end with newline character * Fix duplicated output of oidc-agent when redirecting * Fix oidc-agent dies when client disconnects before agent can write back. . [ Gabriel Zachmann ] * Updated the issuer urls of HDF. * Fix bash completion of shortnames if $OIDC_CONFIG_DIR is used. . [ Gabriel Zachmann ] * Add possibility for force a new AT through oidc-token. * Add status command to oidc-agent to get information about the currently running agent. * Allow users to rename accounts. * Write temporary data to oidc-agent instead of tmp file. * Fix seg fault in oidc-gen issuer selection when selecting 0 * Delete oidc client when deleting agent configuration. * Improved bash completion of oidc-gen short options. * Add --pw-file option to read decryption password from file * Improve password prompt on autoload. * On default cnid (oidc-gen) is set to the hostname; so the hostname is included in the client name. * oidc-gen is now completely non-interactive * Added several new options for passing information to oidc-gen * User can now choose between cli and gui prompts. * Fix bug where oidc-gen would use a public client instead of aborting when generating a account configuration with a shortname that is already loaded. * When the 'max' keyword is used for scopes and a public client is used, this now uses the maximum scopes for that public client, not the issuer. * Fixes a possible conflict between the application type 'web' and custom scheme redirect uris. * Update cJSON library.
QA information
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package uses debhelper-compatDebhelper compatibility level 9
-
–
Watch file is not present
-
–
Package is native
format: 3.0 (native) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian warningsliboidc-agent4
-
X
exit-in-shared-library
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.4.0.0
-
I
no-symbols-control-file
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.4.0.0
oidc-agent-
W
bash-completion-with-hashbang
- usr/share/bash-completion/completions/oidc-agent
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
oidc-agent source-
W
package-uses-deprecated-debhelper-compat-version
- 9
-
I
binary-control-field-duplicates-source
- field "Section" in package oidc-agent-prompt
-
I
unreleased-changelog-distribution
-
P
trailing-whitespace
- debian/control (line 66)
oidc-agent-prompt -
X
exit-in-shared-library
-
–
No VCS field present
-
–
Package is not in Debian
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License
Comments
No comments